From e8b2419444c586d16c717d6446efe672545c89f4 Mon Sep 17 00:00:00 2001 From: bmeehan Date: Tue, 1 Nov 2022 17:16:47 +1100 Subject: [PATCH 01/10] ITPLT-2247 allow the option to pull installer from a location requiring basic_auth --- roles/product_install/tasks/main.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/product_install/tasks/main.yml b/roles/product_install/tasks/main.yml index ffe3c25..68266b0 100644 --- a/roles/product_install/tasks/main.yml +++ b/roles/product_install/tasks/main.yml @@ -177,14 +177,20 @@ - name: download_binary is true so fetch and do all the things block: - # Fetch binary and copy to temp + # Fetch binary and copy to temp + # optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian' - name: Fetch binary ansible.builtin.get_url: url: "{{ atl_product_download_url }}" dest: "{{ atl_product_temp_download }}" + url_password: "{{ lookup('amazon.aws.aws_secret', passwordpath, region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + url_username: "{{ lookup('amazon.aws.aws_secret', userpath, region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" mode: 0755 force: false register: atl_product_completed + vars: + passwordpath: "download_atlassian.password" + userpath: "download_atlassian.username" # If product installer was fetched make the lock directory - name: Create moving_lock. From 6fc62c0f84a5e4b08aab3424003337cbb6491474 Mon Sep 17 00:00:00 2001 From: bmeehan Date: Wed, 2 Nov 2022 11:23:31 +1100 Subject: [PATCH 02/10] ITPLT-2247 try to default to omitting the user and pass keys --- roles/product_install/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/product_install/tasks/main.yml b/roles/product_install/tasks/main.yml index 68266b0..5d61cad 100644 --- a/roles/product_install/tasks/main.yml +++ b/roles/product_install/tasks/main.yml @@ -183,8 +183,8 @@ ansible.builtin.get_url: url: "{{ atl_product_download_url }}" dest: "{{ atl_product_temp_download }}" - url_password: "{{ lookup('amazon.aws.aws_secret', passwordpath, region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" - url_username: "{{ lookup('amazon.aws.aws_secret', userpath, region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + url_password: "{{ lookup('amazon.aws.aws_secret', passwordpath, region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') | default(omit) }}" + url_username: "{{ lookup('amazon.aws.aws_secret', userpath, region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') | default(omit) }}" mode: 0755 force: false register: atl_product_completed From 1bd4b540820bf15beeb0fb3635783a86d516f28d Mon Sep 17 00:00:00 2001 From: bmeehan Date: Thu, 3 Nov 2022 06:27:40 +1100 Subject: [PATCH 03/10] ITPLT-2247 collapse secret vars into hardcoded strings --- roles/product_install/tasks/main.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/roles/product_install/tasks/main.yml b/roles/product_install/tasks/main.yml index 5d61cad..eece7e2 100644 --- a/roles/product_install/tasks/main.yml +++ b/roles/product_install/tasks/main.yml @@ -183,14 +183,11 @@ ansible.builtin.get_url: url: "{{ atl_product_download_url }}" dest: "{{ atl_product_temp_download }}" - url_password: "{{ lookup('amazon.aws.aws_secret', passwordpath, region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') | default(omit) }}" - url_username: "{{ lookup('amazon.aws.aws_secret', userpath, region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') | default(omit) }}" + url_password: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') | default(omit) }}" + url_username: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') | default(omit) }}" mode: 0755 force: false register: atl_product_completed - vars: - passwordpath: "download_atlassian.password" - userpath: "download_atlassian.username" # If product installer was fetched make the lock directory - name: Create moving_lock. From b04c5556e5f2daa9ddfdc49bbc1ef1f83c8f3b0e Mon Sep 17 00:00:00 2001 From: bmeehan Date: Thu, 3 Nov 2022 09:23:23 +1100 Subject: [PATCH 04/10] ITPLT-2247 add missing aws region var to all tests requiring it --- roles/bitbucket_config/molecule/default/converge.yml | 2 ++ roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml | 1 + roles/confluence_config/molecule/aurora/converge.yml | 1 + roles/confluence_config/molecule/default/converge.yml | 1 + .../molecule/password_char_escaping/converge.yml | 1 + roles/confluence_config/molecule/system_jdk/converge.yml | 1 + roles/jira_config/molecule/aurora/converge.yml | 1 + roles/jira_config/molecule/default/converge.yml | 1 + roles/jira_config/molecule/jira_config_props/converge.yml | 1 + roles/jira_config/molecule/password_char_escaping/converge.yml | 1 + roles/product_install/molecule/bitbucket_latest/converge.yml | 1 + roles/product_install/molecule/confluence_latest/converge.yml | 2 ++ .../molecule/confluence_version_with_uppercase/converge.yml | 2 ++ roles/product_install/molecule/crowd_latest/converge.yml | 2 ++ roles/product_install/molecule/default/converge.yml | 2 ++ roles/product_install/molecule/jira_all/converge.yml | 2 ++ .../molecule/jira_cached_with_downgrade/converge.yml | 1 + .../molecule/jira_cached_with_upgrade/converge.yml | 1 + .../product_install/molecule/jira_software_latest/converge.yml | 2 ++ roles/product_install/molecule/jira_tarball/converge.yml | 2 ++ .../molecule/jira_tarball_download_url/converge.yml | 1 + .../molecule/jira_version_from_file/converge.yml | 1 + roles/product_install/molecule/jira_version_latest/converge.yml | 2 ++ .../product_install/molecule/jira_version_override/converge.yml | 2 ++ roles/product_install/molecule/servicedesk3/converge.yml | 1 + roles/product_install/molecule/servicedesk4/converge.yml | 1 + roles/product_install/molecule/servicedesk_latest/converge.yml | 1 + 27 files changed, 37 insertions(+) diff --git a/roles/bitbucket_config/molecule/default/converge.yml b/roles/bitbucket_config/molecule/default/converge.yml index 64dcf3f..a345492 100644 --- a/roles/bitbucket_config/molecule/default/converge.yml +++ b/roles/bitbucket_config/molecule/default/converge.yml @@ -17,6 +17,8 @@ atl_bitbucket_properties_raw: "key1=val1 key2=val2 key3=val3" + ansible_ec2_placement_region: 'us-east-1' + roles: - role: linux_common - role: product_common diff --git a/roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml b/roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml index 596fbfc..15914ea 100644 --- a/roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml +++ b/roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml @@ -13,6 +13,7 @@ atl_jdbc_password: 'molecule_password' atl_aws_region: us-east-2 + ansible_ec2_placement_region: 'us-east-2' roles: - role: linux_common diff --git a/roles/confluence_config/molecule/aurora/converge.yml b/roles/confluence_config/molecule/aurora/converge.yml index d57ff60..ff39080 100644 --- a/roles/confluence_config/molecule/aurora/converge.yml +++ b/roles/confluence_config/molecule/aurora/converge.yml @@ -14,6 +14,7 @@ atl_cluster_node_id: 'FAKEID' atl_autologin_cookie_age: "COOKIEAGE" atl_local_ipv4: "1.1.1.1" + ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/confluence_config/molecule/default/converge.yml b/roles/confluence_config/molecule/default/converge.yml index 5a7ee00..885c6a8 100644 --- a/roles/confluence_config/molecule/default/converge.yml +++ b/roles/confluence_config/molecule/default/converge.yml @@ -21,6 +21,7 @@ atl_proxy_port: "80" atl_db_preferredtestquery: "select 1;" atl_hazelcast_network_aws_tag_key: "my-cluster-tag" + ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/confluence_config/molecule/password_char_escaping/converge.yml b/roles/confluence_config/molecule/password_char_escaping/converge.yml index c186bb9..069202a 100644 --- a/roles/confluence_config/molecule/password_char_escaping/converge.yml +++ b/roles/confluence_config/molecule/password_char_escaping/converge.yml @@ -18,6 +18,7 @@ atl_tomcat_scheme: "http" atl_proxy_name: "localhost" atl_proxy_port: "80" + ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/confluence_config/molecule/system_jdk/converge.yml b/roles/confluence_config/molecule/system_jdk/converge.yml index e518a8e..88643fb 100644 --- a/roles/confluence_config/molecule/system_jdk/converge.yml +++ b/roles/confluence_config/molecule/system_jdk/converge.yml @@ -21,6 +21,7 @@ atl_db_preferredtestquery: "select 1;" atl_use_system_jdk: true atl_download_format: "tarball" + ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/jira_config/molecule/aurora/converge.yml b/roles/jira_config/molecule/aurora/converge.yml index d273f47..d2ac2c3 100644 --- a/roles/jira_config/molecule/aurora/converge.yml +++ b/roles/jira_config/molecule/aurora/converge.yml @@ -6,6 +6,7 @@ atl_product_edition: "jira-software" atl_product_user: "jira" atl_product_version: "7.13.2" + ansible_ec2_placement_region: 'us-east-1' # dbconfig.xml variables atl_jdbc_user: 'atljira' diff --git a/roles/jira_config/molecule/default/converge.yml b/roles/jira_config/molecule/default/converge.yml index 36a90d9..ec345de 100644 --- a/roles/jira_config/molecule/default/converge.yml +++ b/roles/jira_config/molecule/default/converge.yml @@ -6,6 +6,7 @@ atl_product_edition: "jira-software" atl_product_user: "jira" atl_product_version: "7.13.2" + ansible_ec2_placement_region: 'us-east-1' # dbconfig.xml variables atl_jdbc_user: 'atljira' diff --git a/roles/jira_config/molecule/jira_config_props/converge.yml b/roles/jira_config/molecule/jira_config_props/converge.yml index e0b51fa..99d4f54 100644 --- a/roles/jira_config/molecule/jira_config_props/converge.yml +++ b/roles/jira_config/molecule/jira_config_props/converge.yml @@ -6,6 +6,7 @@ atl_product_edition: "jira-software" atl_product_user: "jira" atl_product_version: "7.13.2" + ansible_ec2_placement_region: 'us-east-1' # dbconfig.xml variables atl_jdbc_user: 'atljira' diff --git a/roles/jira_config/molecule/password_char_escaping/converge.yml b/roles/jira_config/molecule/password_char_escaping/converge.yml index 2aa0e9c..4d1397b 100644 --- a/roles/jira_config/molecule/password_char_escaping/converge.yml +++ b/roles/jira_config/molecule/password_char_escaping/converge.yml @@ -6,6 +6,7 @@ atl_product_edition: "jira-software" atl_product_user: "jira" atl_product_version: "7.13.2" + ansible_ec2_placement_region: 'us-east-1' # dbconfig.xml variables atl_jdbc_user: 'atljira' diff --git a/roles/product_install/molecule/bitbucket_latest/converge.yml b/roles/product_install/molecule/bitbucket_latest/converge.yml index 55ad545..db13cc0 100644 --- a/roles/product_install/molecule/bitbucket_latest/converge.yml +++ b/roles/product_install/molecule/bitbucket_latest/converge.yml @@ -5,6 +5,7 @@ atl_product_family: "stash" atl_product_edition: "bitbucket" atl_product_user: "bitbucket" + ansible_ec2_placement_region: 'us-east-1' atl_product_home: "{{ atl_shared_mountpoint }}/{{ atl_product_edition }}" roles: diff --git a/roles/product_install/molecule/confluence_latest/converge.yml b/roles/product_install/molecule/confluence_latest/converge.yml index fddd5d1..84d30aa 100644 --- a/roles/product_install/molecule/confluence_latest/converge.yml +++ b/roles/product_install/molecule/confluence_latest/converge.yml @@ -5,6 +5,8 @@ atl_product_family: "confluence" atl_product_edition: "confluence" atl_product_user: "confluence" + ansible_ec2_placement_region: 'us-east-1' + roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/confluence_version_with_uppercase/converge.yml b/roles/product_install/molecule/confluence_version_with_uppercase/converge.yml index 68ab242..8197929 100644 --- a/roles/product_install/molecule/confluence_version_with_uppercase/converge.yml +++ b/roles/product_install/molecule/confluence_version_with_uppercase/converge.yml @@ -6,6 +6,8 @@ atl_product_edition: "confluence" atl_product_user: "confluence" atl_product_version: "7.20.0-CONFSERVER-63193-m01" + ansible_ec2_placement_region: 'us-east-1' + roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/crowd_latest/converge.yml b/roles/product_install/molecule/crowd_latest/converge.yml index 490514e..c94d7cf 100644 --- a/roles/product_install/molecule/crowd_latest/converge.yml +++ b/roles/product_install/molecule/crowd_latest/converge.yml @@ -6,6 +6,8 @@ atl_product_edition: "crowd" atl_product_user: "crowd" atl_download_format: "tarball" + ansible_ec2_placement_region: 'us-east-1' + roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/default/converge.yml b/roles/product_install/molecule/default/converge.yml index ead9819..e0b1474 100644 --- a/roles/product_install/molecule/default/converge.yml +++ b/roles/product_install/molecule/default/converge.yml @@ -5,6 +5,8 @@ atl_product_family: "jira" atl_product_edition: "jira-core" atl_product_user: "jira" + ansible_ec2_placement_region: 'us-east-1' + roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/jira_all/converge.yml b/roles/product_install/molecule/jira_all/converge.yml index 7043280..d52fabf 100644 --- a/roles/product_install/molecule/jira_all/converge.yml +++ b/roles/product_install/molecule/jira_all/converge.yml @@ -14,6 +14,8 @@ atl_jdbc_collation: 'C' atl_jdbc_ctype: 'C' atl_jdbc_template: 'template0' + ansible_ec2_placement_region: 'us-east-1' + pre_tasks: - name: Create cache dir ansible.builtin.file: diff --git a/roles/product_install/molecule/jira_cached_with_downgrade/converge.yml b/roles/product_install/molecule/jira_cached_with_downgrade/converge.yml index c9cf986..fa06125 100644 --- a/roles/product_install/molecule/jira_cached_with_downgrade/converge.yml +++ b/roles/product_install/molecule/jira_cached_with_downgrade/converge.yml @@ -7,6 +7,7 @@ atl_product_user: "jira" # NOTE: This should be honoured as it is higher than the cached version below. atl_product_version: "7.10.1" + ansible_ec2_placement_region: 'us-east-1' pre_tasks: - name: Create cache dir diff --git a/roles/product_install/molecule/jira_cached_with_upgrade/converge.yml b/roles/product_install/molecule/jira_cached_with_upgrade/converge.yml index f87088e..9824e38 100644 --- a/roles/product_install/molecule/jira_cached_with_upgrade/converge.yml +++ b/roles/product_install/molecule/jira_cached_with_upgrade/converge.yml @@ -7,6 +7,7 @@ atl_product_user: "jira" # NOTE: This should be honoured as it is higher than the cached version below. atl_product_version: "7.10.1" + ansible_ec2_placement_region: 'us-east-1' pre_tasks: - name: Create cache dir diff --git a/roles/product_install/molecule/jira_software_latest/converge.yml b/roles/product_install/molecule/jira_software_latest/converge.yml index 3f589f0..016ea1d 100644 --- a/roles/product_install/molecule/jira_software_latest/converge.yml +++ b/roles/product_install/molecule/jira_software_latest/converge.yml @@ -6,6 +6,8 @@ atl_product_edition: "jira-software" atl_product_user: "jira" atl_product_version: "latest" + ansible_ec2_placement_region: 'us-east-1' + roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/jira_tarball/converge.yml b/roles/product_install/molecule/jira_tarball/converge.yml index 7d49215..6d649de 100644 --- a/roles/product_install/molecule/jira_tarball/converge.yml +++ b/roles/product_install/molecule/jira_tarball/converge.yml @@ -6,6 +6,8 @@ atl_product_edition: "jira-core" atl_product_user: "jira" atl_download_format: "tarball" + ansible_ec2_placement_region: 'us-east-1' + roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/jira_tarball_download_url/converge.yml b/roles/product_install/molecule/jira_tarball_download_url/converge.yml index 6b455ae..0f5923a 100644 --- a/roles/product_install/molecule/jira_tarball_download_url/converge.yml +++ b/roles/product_install/molecule/jira_tarball_download_url/converge.yml @@ -19,6 +19,7 @@ # When using a tarball the following are also required: atl_download_format: "tarball" atl_use_system_jdk: true + ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/product_install/molecule/jira_version_from_file/converge.yml b/roles/product_install/molecule/jira_version_from_file/converge.yml index 0391262..6d203c0 100644 --- a/roles/product_install/molecule/jira_version_from_file/converge.yml +++ b/roles/product_install/molecule/jira_version_from_file/converge.yml @@ -7,6 +7,7 @@ atl_product_user: "jira" # NOTE: This should be ignored because the version file exists (below). atl_product_version: "latest" + ansible_ec2_placement_region: 'us-east-1' pre_tasks: - name: Create cache dir diff --git a/roles/product_install/molecule/jira_version_latest/converge.yml b/roles/product_install/molecule/jira_version_latest/converge.yml index 37a54b1..f3bb1d5 100644 --- a/roles/product_install/molecule/jira_version_latest/converge.yml +++ b/roles/product_install/molecule/jira_version_latest/converge.yml @@ -6,6 +6,8 @@ atl_product_edition: "jira-core" atl_product_user: "jira" atl_product_version: "latest" + ansible_ec2_placement_region: 'us-east-1' + roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/jira_version_override/converge.yml b/roles/product_install/molecule/jira_version_override/converge.yml index 7074099..fc8cbd2 100644 --- a/roles/product_install/molecule/jira_version_override/converge.yml +++ b/roles/product_install/molecule/jira_version_override/converge.yml @@ -6,6 +6,8 @@ atl_product_edition: "jira-core" atl_product_user: "jira" atl_product_version: "7.13.2" + ansible_ec2_placement_region: 'us-east-1' + roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/servicedesk3/converge.yml b/roles/product_install/molecule/servicedesk3/converge.yml index fe8aa7f..2b59892 100644 --- a/roles/product_install/molecule/servicedesk3/converge.yml +++ b/roles/product_install/molecule/servicedesk3/converge.yml @@ -6,6 +6,7 @@ atl_product_family: "jira" atl_product_user: "jira" atl_product_version: "3.9.0" + ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/product_install/molecule/servicedesk4/converge.yml b/roles/product_install/molecule/servicedesk4/converge.yml index 2e5fb79..fd0d0e8 100644 --- a/roles/product_install/molecule/servicedesk4/converge.yml +++ b/roles/product_install/molecule/servicedesk4/converge.yml @@ -6,6 +6,7 @@ atl_product_family: "jira" atl_product_user: "jira" atl_product_version: "4.1.0" + ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/product_install/molecule/servicedesk_latest/converge.yml b/roles/product_install/molecule/servicedesk_latest/converge.yml index d17a735..8b8394c 100644 --- a/roles/product_install/molecule/servicedesk_latest/converge.yml +++ b/roles/product_install/molecule/servicedesk_latest/converge.yml @@ -6,6 +6,7 @@ atl_product_family: "jira" atl_product_user: "jira" atl_product_version: "latest" + ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common From d41db482e7bc0ac7940f84fa3da54a5e462138bd Mon Sep 17 00:00:00 2001 From: bmeehan Date: Thu, 3 Nov 2022 10:46:41 +1100 Subject: [PATCH 05/10] ITPLT-2247 trying to work around test fails by separating out the lookups --- roles/product_install/tasks/main.yml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/roles/product_install/tasks/main.yml b/roles/product_install/tasks/main.yml index eece7e2..201ccd1 100644 --- a/roles/product_install/tasks/main.yml +++ b/roles/product_install/tasks/main.yml @@ -177,14 +177,22 @@ - name: download_binary is true so fetch and do all the things block: - # Fetch binary and copy to temp # optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian' + - name: set basic_auth facts if the secret exists + ansible.builtin.set_fact: + download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + failed_when: false + no_log: true + + # Fetch binary and copy to temp + # optionally use basic_auth creds from secrets_manager - name: Fetch binary ansible.builtin.get_url: url: "{{ atl_product_download_url }}" dest: "{{ atl_product_temp_download }}" - url_password: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') | default(omit) }}" - url_username: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') | default(omit) }}" + url_password: "{{ download_atlassian_password | default(omit) }}" + url_username: "{{ download_atlassian_username | default(omit) }}" mode: 0755 force: false register: atl_product_completed From 79e07ad6dfa110936efbcea7703cb8ae1285e119 Mon Sep 17 00:00:00 2001 From: bmeehan Date: Thu, 3 Nov 2022 10:55:51 +1100 Subject: [PATCH 06/10] ITPLT-2247 try adding a when region exists --- roles/product_install/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/product_install/tasks/main.yml b/roles/product_install/tasks/main.yml index 201ccd1..92aec04 100644 --- a/roles/product_install/tasks/main.yml +++ b/roles/product_install/tasks/main.yml @@ -182,8 +182,9 @@ ansible.builtin.set_fact: download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" - failed_when: false + failed_when: False no_log: true + when: ansible_ec2_placement_region is defined # Fetch binary and copy to temp # optionally use basic_auth creds from secrets_manager From 97fd251161234748073059959207a3c82921182d Mon Sep 17 00:00:00 2001 From: bmeehan Date: Fri, 4 Nov 2022 09:54:46 +1100 Subject: [PATCH 07/10] ITPLT-2247 try adding notest to the lookup block --- roles/product_install/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/product_install/tasks/main.yml b/roles/product_install/tasks/main.yml index 92aec04..26bd037 100644 --- a/roles/product_install/tasks/main.yml +++ b/roles/product_install/tasks/main.yml @@ -182,9 +182,11 @@ ansible.builtin.set_fact: download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" - failed_when: False + failed_when: false no_log: true when: ansible_ec2_placement_region is defined + tags: + - notest # Fetch binary and copy to temp # optionally use basic_auth creds from secrets_manager From c6fa27d97e44788b55b9fd411c519a8e902b5005 Mon Sep 17 00:00:00 2001 From: bmeehan Date: Fri, 4 Nov 2022 00:24:23 +0000 Subject: [PATCH 08/10] ITPLT-2247 use runtime_pkg tag instead of notest --- roles/bitbucket_config/molecule/default/converge.yml | 2 -- roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml | 1 - roles/confluence_config/molecule/aurora/converge.yml | 1 - roles/confluence_config/molecule/default/converge.yml | 1 - .../molecule/password_char_escaping/converge.yml | 1 - roles/confluence_config/molecule/system_jdk/converge.yml | 1 - roles/jira_config/molecule/aurora/converge.yml | 1 - roles/jira_config/molecule/default/converge.yml | 1 - roles/jira_config/molecule/jira_config_props/converge.yml | 1 - roles/jira_config/molecule/password_char_escaping/converge.yml | 1 - roles/product_install/molecule/bitbucket_latest/converge.yml | 1 - roles/product_install/molecule/confluence_latest/converge.yml | 2 -- .../molecule/confluence_version_with_uppercase/converge.yml | 2 -- roles/product_install/molecule/crowd_latest/converge.yml | 2 -- roles/product_install/molecule/default/converge.yml | 2 -- roles/product_install/molecule/jira_all/converge.yml | 2 -- .../molecule/jira_cached_with_downgrade/converge.yml | 1 - .../molecule/jira_cached_with_upgrade/converge.yml | 1 - .../product_install/molecule/jira_software_latest/converge.yml | 2 -- roles/product_install/molecule/jira_tarball/converge.yml | 2 -- .../molecule/jira_tarball_download_url/converge.yml | 1 - .../molecule/jira_version_from_file/converge.yml | 1 - roles/product_install/molecule/jira_version_latest/converge.yml | 2 -- .../product_install/molecule/jira_version_override/converge.yml | 2 -- roles/product_install/molecule/servicedesk3/converge.yml | 1 - roles/product_install/molecule/servicedesk4/converge.yml | 1 - roles/product_install/molecule/servicedesk_latest/converge.yml | 1 - roles/product_install/tasks/main.yml | 2 +- 28 files changed, 1 insertion(+), 38 deletions(-) diff --git a/roles/bitbucket_config/molecule/default/converge.yml b/roles/bitbucket_config/molecule/default/converge.yml index a345492..64dcf3f 100644 --- a/roles/bitbucket_config/molecule/default/converge.yml +++ b/roles/bitbucket_config/molecule/default/converge.yml @@ -17,8 +17,6 @@ atl_bitbucket_properties_raw: "key1=val1 key2=val2 key3=val3" - ansible_ec2_placement_region: 'us-east-1' - roles: - role: linux_common - role: product_common diff --git a/roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml b/roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml index 15914ea..596fbfc 100644 --- a/roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml +++ b/roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml @@ -13,7 +13,6 @@ atl_jdbc_password: 'molecule_password' atl_aws_region: us-east-2 - ansible_ec2_placement_region: 'us-east-2' roles: - role: linux_common diff --git a/roles/confluence_config/molecule/aurora/converge.yml b/roles/confluence_config/molecule/aurora/converge.yml index ff39080..d57ff60 100644 --- a/roles/confluence_config/molecule/aurora/converge.yml +++ b/roles/confluence_config/molecule/aurora/converge.yml @@ -14,7 +14,6 @@ atl_cluster_node_id: 'FAKEID' atl_autologin_cookie_age: "COOKIEAGE" atl_local_ipv4: "1.1.1.1" - ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/confluence_config/molecule/default/converge.yml b/roles/confluence_config/molecule/default/converge.yml index 885c6a8..5a7ee00 100644 --- a/roles/confluence_config/molecule/default/converge.yml +++ b/roles/confluence_config/molecule/default/converge.yml @@ -21,7 +21,6 @@ atl_proxy_port: "80" atl_db_preferredtestquery: "select 1;" atl_hazelcast_network_aws_tag_key: "my-cluster-tag" - ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/confluence_config/molecule/password_char_escaping/converge.yml b/roles/confluence_config/molecule/password_char_escaping/converge.yml index 069202a..c186bb9 100644 --- a/roles/confluence_config/molecule/password_char_escaping/converge.yml +++ b/roles/confluence_config/molecule/password_char_escaping/converge.yml @@ -18,7 +18,6 @@ atl_tomcat_scheme: "http" atl_proxy_name: "localhost" atl_proxy_port: "80" - ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/confluence_config/molecule/system_jdk/converge.yml b/roles/confluence_config/molecule/system_jdk/converge.yml index 88643fb..e518a8e 100644 --- a/roles/confluence_config/molecule/system_jdk/converge.yml +++ b/roles/confluence_config/molecule/system_jdk/converge.yml @@ -21,7 +21,6 @@ atl_db_preferredtestquery: "select 1;" atl_use_system_jdk: true atl_download_format: "tarball" - ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/jira_config/molecule/aurora/converge.yml b/roles/jira_config/molecule/aurora/converge.yml index d2ac2c3..d273f47 100644 --- a/roles/jira_config/molecule/aurora/converge.yml +++ b/roles/jira_config/molecule/aurora/converge.yml @@ -6,7 +6,6 @@ atl_product_edition: "jira-software" atl_product_user: "jira" atl_product_version: "7.13.2" - ansible_ec2_placement_region: 'us-east-1' # dbconfig.xml variables atl_jdbc_user: 'atljira' diff --git a/roles/jira_config/molecule/default/converge.yml b/roles/jira_config/molecule/default/converge.yml index ec345de..36a90d9 100644 --- a/roles/jira_config/molecule/default/converge.yml +++ b/roles/jira_config/molecule/default/converge.yml @@ -6,7 +6,6 @@ atl_product_edition: "jira-software" atl_product_user: "jira" atl_product_version: "7.13.2" - ansible_ec2_placement_region: 'us-east-1' # dbconfig.xml variables atl_jdbc_user: 'atljira' diff --git a/roles/jira_config/molecule/jira_config_props/converge.yml b/roles/jira_config/molecule/jira_config_props/converge.yml index 99d4f54..e0b51fa 100644 --- a/roles/jira_config/molecule/jira_config_props/converge.yml +++ b/roles/jira_config/molecule/jira_config_props/converge.yml @@ -6,7 +6,6 @@ atl_product_edition: "jira-software" atl_product_user: "jira" atl_product_version: "7.13.2" - ansible_ec2_placement_region: 'us-east-1' # dbconfig.xml variables atl_jdbc_user: 'atljira' diff --git a/roles/jira_config/molecule/password_char_escaping/converge.yml b/roles/jira_config/molecule/password_char_escaping/converge.yml index 4d1397b..2aa0e9c 100644 --- a/roles/jira_config/molecule/password_char_escaping/converge.yml +++ b/roles/jira_config/molecule/password_char_escaping/converge.yml @@ -6,7 +6,6 @@ atl_product_edition: "jira-software" atl_product_user: "jira" atl_product_version: "7.13.2" - ansible_ec2_placement_region: 'us-east-1' # dbconfig.xml variables atl_jdbc_user: 'atljira' diff --git a/roles/product_install/molecule/bitbucket_latest/converge.yml b/roles/product_install/molecule/bitbucket_latest/converge.yml index db13cc0..55ad545 100644 --- a/roles/product_install/molecule/bitbucket_latest/converge.yml +++ b/roles/product_install/molecule/bitbucket_latest/converge.yml @@ -5,7 +5,6 @@ atl_product_family: "stash" atl_product_edition: "bitbucket" atl_product_user: "bitbucket" - ansible_ec2_placement_region: 'us-east-1' atl_product_home: "{{ atl_shared_mountpoint }}/{{ atl_product_edition }}" roles: diff --git a/roles/product_install/molecule/confluence_latest/converge.yml b/roles/product_install/molecule/confluence_latest/converge.yml index 84d30aa..fddd5d1 100644 --- a/roles/product_install/molecule/confluence_latest/converge.yml +++ b/roles/product_install/molecule/confluence_latest/converge.yml @@ -5,8 +5,6 @@ atl_product_family: "confluence" atl_product_edition: "confluence" atl_product_user: "confluence" - ansible_ec2_placement_region: 'us-east-1' - roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/confluence_version_with_uppercase/converge.yml b/roles/product_install/molecule/confluence_version_with_uppercase/converge.yml index 8197929..68ab242 100644 --- a/roles/product_install/molecule/confluence_version_with_uppercase/converge.yml +++ b/roles/product_install/molecule/confluence_version_with_uppercase/converge.yml @@ -6,8 +6,6 @@ atl_product_edition: "confluence" atl_product_user: "confluence" atl_product_version: "7.20.0-CONFSERVER-63193-m01" - ansible_ec2_placement_region: 'us-east-1' - roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/crowd_latest/converge.yml b/roles/product_install/molecule/crowd_latest/converge.yml index c94d7cf..490514e 100644 --- a/roles/product_install/molecule/crowd_latest/converge.yml +++ b/roles/product_install/molecule/crowd_latest/converge.yml @@ -6,8 +6,6 @@ atl_product_edition: "crowd" atl_product_user: "crowd" atl_download_format: "tarball" - ansible_ec2_placement_region: 'us-east-1' - roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/default/converge.yml b/roles/product_install/molecule/default/converge.yml index e0b1474..ead9819 100644 --- a/roles/product_install/molecule/default/converge.yml +++ b/roles/product_install/molecule/default/converge.yml @@ -5,8 +5,6 @@ atl_product_family: "jira" atl_product_edition: "jira-core" atl_product_user: "jira" - ansible_ec2_placement_region: 'us-east-1' - roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/jira_all/converge.yml b/roles/product_install/molecule/jira_all/converge.yml index d52fabf..7043280 100644 --- a/roles/product_install/molecule/jira_all/converge.yml +++ b/roles/product_install/molecule/jira_all/converge.yml @@ -14,8 +14,6 @@ atl_jdbc_collation: 'C' atl_jdbc_ctype: 'C' atl_jdbc_template: 'template0' - ansible_ec2_placement_region: 'us-east-1' - pre_tasks: - name: Create cache dir ansible.builtin.file: diff --git a/roles/product_install/molecule/jira_cached_with_downgrade/converge.yml b/roles/product_install/molecule/jira_cached_with_downgrade/converge.yml index fa06125..c9cf986 100644 --- a/roles/product_install/molecule/jira_cached_with_downgrade/converge.yml +++ b/roles/product_install/molecule/jira_cached_with_downgrade/converge.yml @@ -7,7 +7,6 @@ atl_product_user: "jira" # NOTE: This should be honoured as it is higher than the cached version below. atl_product_version: "7.10.1" - ansible_ec2_placement_region: 'us-east-1' pre_tasks: - name: Create cache dir diff --git a/roles/product_install/molecule/jira_cached_with_upgrade/converge.yml b/roles/product_install/molecule/jira_cached_with_upgrade/converge.yml index 9824e38..f87088e 100644 --- a/roles/product_install/molecule/jira_cached_with_upgrade/converge.yml +++ b/roles/product_install/molecule/jira_cached_with_upgrade/converge.yml @@ -7,7 +7,6 @@ atl_product_user: "jira" # NOTE: This should be honoured as it is higher than the cached version below. atl_product_version: "7.10.1" - ansible_ec2_placement_region: 'us-east-1' pre_tasks: - name: Create cache dir diff --git a/roles/product_install/molecule/jira_software_latest/converge.yml b/roles/product_install/molecule/jira_software_latest/converge.yml index 016ea1d..3f589f0 100644 --- a/roles/product_install/molecule/jira_software_latest/converge.yml +++ b/roles/product_install/molecule/jira_software_latest/converge.yml @@ -6,8 +6,6 @@ atl_product_edition: "jira-software" atl_product_user: "jira" atl_product_version: "latest" - ansible_ec2_placement_region: 'us-east-1' - roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/jira_tarball/converge.yml b/roles/product_install/molecule/jira_tarball/converge.yml index 6d649de..7d49215 100644 --- a/roles/product_install/molecule/jira_tarball/converge.yml +++ b/roles/product_install/molecule/jira_tarball/converge.yml @@ -6,8 +6,6 @@ atl_product_edition: "jira-core" atl_product_user: "jira" atl_download_format: "tarball" - ansible_ec2_placement_region: 'us-east-1' - roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/jira_tarball_download_url/converge.yml b/roles/product_install/molecule/jira_tarball_download_url/converge.yml index 0f5923a..6b455ae 100644 --- a/roles/product_install/molecule/jira_tarball_download_url/converge.yml +++ b/roles/product_install/molecule/jira_tarball_download_url/converge.yml @@ -19,7 +19,6 @@ # When using a tarball the following are also required: atl_download_format: "tarball" atl_use_system_jdk: true - ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/product_install/molecule/jira_version_from_file/converge.yml b/roles/product_install/molecule/jira_version_from_file/converge.yml index 6d203c0..0391262 100644 --- a/roles/product_install/molecule/jira_version_from_file/converge.yml +++ b/roles/product_install/molecule/jira_version_from_file/converge.yml @@ -7,7 +7,6 @@ atl_product_user: "jira" # NOTE: This should be ignored because the version file exists (below). atl_product_version: "latest" - ansible_ec2_placement_region: 'us-east-1' pre_tasks: - name: Create cache dir diff --git a/roles/product_install/molecule/jira_version_latest/converge.yml b/roles/product_install/molecule/jira_version_latest/converge.yml index f3bb1d5..37a54b1 100644 --- a/roles/product_install/molecule/jira_version_latest/converge.yml +++ b/roles/product_install/molecule/jira_version_latest/converge.yml @@ -6,8 +6,6 @@ atl_product_edition: "jira-core" atl_product_user: "jira" atl_product_version: "latest" - ansible_ec2_placement_region: 'us-east-1' - roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/jira_version_override/converge.yml b/roles/product_install/molecule/jira_version_override/converge.yml index fc8cbd2..7074099 100644 --- a/roles/product_install/molecule/jira_version_override/converge.yml +++ b/roles/product_install/molecule/jira_version_override/converge.yml @@ -6,8 +6,6 @@ atl_product_edition: "jira-core" atl_product_user: "jira" atl_product_version: "7.13.2" - ansible_ec2_placement_region: 'us-east-1' - roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/servicedesk3/converge.yml b/roles/product_install/molecule/servicedesk3/converge.yml index 2b59892..fe8aa7f 100644 --- a/roles/product_install/molecule/servicedesk3/converge.yml +++ b/roles/product_install/molecule/servicedesk3/converge.yml @@ -6,7 +6,6 @@ atl_product_family: "jira" atl_product_user: "jira" atl_product_version: "3.9.0" - ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/product_install/molecule/servicedesk4/converge.yml b/roles/product_install/molecule/servicedesk4/converge.yml index fd0d0e8..2e5fb79 100644 --- a/roles/product_install/molecule/servicedesk4/converge.yml +++ b/roles/product_install/molecule/servicedesk4/converge.yml @@ -6,7 +6,6 @@ atl_product_family: "jira" atl_product_user: "jira" atl_product_version: "4.1.0" - ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/product_install/molecule/servicedesk_latest/converge.yml b/roles/product_install/molecule/servicedesk_latest/converge.yml index 8b8394c..d17a735 100644 --- a/roles/product_install/molecule/servicedesk_latest/converge.yml +++ b/roles/product_install/molecule/servicedesk_latest/converge.yml @@ -6,7 +6,6 @@ atl_product_family: "jira" atl_product_user: "jira" atl_product_version: "latest" - ansible_ec2_placement_region: 'us-east-1' roles: - role: linux_common diff --git a/roles/product_install/tasks/main.yml b/roles/product_install/tasks/main.yml index 26bd037..c7ac160 100644 --- a/roles/product_install/tasks/main.yml +++ b/roles/product_install/tasks/main.yml @@ -186,7 +186,7 @@ no_log: true when: ansible_ec2_placement_region is defined tags: - - notest + - runtime_pkg # Fetch binary and copy to temp # optionally use basic_auth creds from secrets_manager From 0cc9c4aa5d2070dd395708ade0385e8fc249da3e Mon Sep 17 00:00:00 2001 From: bmeehan Date: Mon, 7 Nov 2022 23:43:53 +0000 Subject: [PATCH 09/10] ITPLT-2247 provide secret name in a parameter --- roles/product_install/defaults/main.yml | 4 ++++ roles/product_install/tasks/main.yml | 8 +++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/product_install/defaults/main.yml b/roles/product_install/defaults/main.yml index d768e62..2b2c614 100644 --- a/roles/product_install/defaults/main.yml +++ b/roles/product_install/defaults/main.yml @@ -3,6 +3,9 @@ # Empty values to simplify logic (no undefineds) atl_latest_version: '' atl_cached_version: '' +# if basic_auth is required for download of atlassian installable artifact, provide the name of an AWS Secrets Manager secret +# with values for both password and username +atl_download_secret_name: '' atl_product_latest_version_url: "https://marketplace.atlassian.com/rest/2/products/key/{{ atl_product_family }}/versions" atl_product_version_cache_dir: "{{ atl_product_home_shared }}" @@ -14,6 +17,7 @@ atl_download_format_suffix_map: tarball: '.tar.gz' atl_download_suffix: "{{ atl_download_format_suffix_map[atl_download_format] }}" + atl_release_base_url: "https://product-downloads.atlassian.com/software" atl_product_base_url: "{{ atl_release_base_url }}/{{ atl_product_family }}/downloads" atl_product_download_url: "{{ atl_product_base_url }}/atlassian-{{ atl_download_edition | default(atl_product_edition) }}-{{ atl_product_version }}{{ atl_download_suffix }}" diff --git a/roles/product_install/tasks/main.yml b/roles/product_install/tasks/main.yml index c7ac160..e8f8feb 100644 --- a/roles/product_install/tasks/main.yml +++ b/roles/product_install/tasks/main.yml @@ -180,11 +180,13 @@ # optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian' - name: set basic_auth facts if the secret exists ansible.builtin.set_fact: - download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" - download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" failed_when: false no_log: true - when: ansible_ec2_placement_region is defined + when: + - ansible_ec2_placement_region is defined + - atl_download_secret_name is defined tags: - runtime_pkg From f003987cc486173684954de20ceddcc5281ecb0a Mon Sep 17 00:00:00 2001 From: bmeehan Date: Mon, 7 Nov 2022 23:45:24 +0000 Subject: [PATCH 10/10] ITPLT-2247 remove unintentional whitespace --- roles/product_install/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/product_install/defaults/main.yml b/roles/product_install/defaults/main.yml index 2b2c614..92766b3 100644 --- a/roles/product_install/defaults/main.yml +++ b/roles/product_install/defaults/main.yml @@ -17,7 +17,6 @@ atl_download_format_suffix_map: tarball: '.tar.gz' atl_download_suffix: "{{ atl_download_format_suffix_map[atl_download_format] }}" - atl_release_base_url: "https://product-downloads.atlassian.com/software" atl_product_base_url: "{{ atl_release_base_url }}/{{ atl_product_family }}/downloads" atl_product_download_url: "{{ atl_product_base_url }}/atlassian-{{ atl_download_edition | default(atl_product_edition) }}-{{ atl_product_version }}{{ atl_download_suffix }}"