Azure / SAP-automation-samples

This repository will contain the sample SAP Application files and the Terraform configuration files
MIT License
15 stars 31 forks source link

error in Deploy SAP Workload Zone pipeline. #64

Open stahkur opened 8 months ago

stahkur commented 8 months ago

error in Deploy SAP Workload Zone pipeline.

Attached the snippet., pls suggest.

Untitled

2024-03-09T11:01:00.0990511Z ##[section]Starting: Deploy SAP Workload Zone 2024-03-09T11:01:00.0994445Z ============================================================================== 2024-03-09T11:01:00.0994551Z Task : Bash 2024-03-09T11:01:00.0994617Z Description : Run a Bash script on macOS, Linux, or Windows 2024-03-09T11:01:00.0994697Z Version : 3.236.1 2024-03-09T11:01:00.0994750Z Author : Microsoft Corporation 2024-03-09T11:01:00.0994812Z Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/bash 2024-03-09T11:01:00.0994916Z ============================================================================== 2024-03-09T11:01:02.5873816Z Generating script. 2024-03-09T11:01:02.5884831Z ========================== Starting Command Output =========================== 2024-03-09T11:01:02.5896939Z [command]/usr/bin/bash /home/azureadm/agent/_work/_temp/585314e7-2e70-438c-934c-39d894ef72fd.sh 2024-03-09T11:01:03.2096306Z azureadm account ready for use with Azure SAP Automated Deployment 2024-03-09T11:01:03.2098911Z --- DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars was not found --- 2024-03-09T11:01:03.2142202Z ##[error]File DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars was not found. 2024-03-09T11:01:03.2152889Z 2024-03-09T11:01:03.2154533Z ##[error]Bash exited with code '2'. 2024-03-09T11:01:03.2183291Z ##[section]Async Command Start: Update Build Number 2024-03-09T11:01:04.4722519Z Update build number to Deploying the SAP Workload zone defined in DEV-WEEU-SAP01-INFRASTRUCTURE for build 800 2024-03-09T11:01:04.4722738Z ##[section]Async Command End: Update Build Number 2024-03-09T11:01:04.4723717Z ##[section]Finishing: Deploy SAP Workload Zone

stahkur commented 8 months ago

2024-03-09T15:12:56.3237314Z ##[debug]Evaluating condition for step: 'Deploy SAP Workload Zone' 2024-03-09T15:12:56.3237888Z ##[debug]Evaluating: SucceededNode() 2024-03-09T15:12:56.3238072Z ##[debug]Evaluating SucceededNode: 2024-03-09T15:12:56.3238404Z ##[debug]=> True 2024-03-09T15:12:56.3238599Z ##[debug]Result: True 2024-03-09T15:12:56.3238819Z ##[section]Starting: Deploy SAP Workload Zone 2024-03-09T15:12:56.3242501Z ============================================================================== 2024-03-09T15:12:56.3242612Z Task : Bash 2024-03-09T15:12:56.3242663Z Description : Run a Bash script on macOS, Linux, or Windows 2024-03-09T15:12:56.3242758Z Version : 3.236.1 2024-03-09T15:12:56.3242812Z Author : Microsoft Corporation 2024-03-09T15:12:56.3242874Z Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/bash 2024-03-09T15:12:56.3242977Z ============================================================================== 2024-03-09T15:12:57.1985847Z ##[debug]Agent environment resources - Disk: / Available 121066.00 MB out of 126841.00 MB, Memory: Used 496.00 MB out of 15980.00 MB, CPU: Usage 22.79% 2024-03-09T15:12:58.5514336Z ##[debug]Using node path: /home/azureadm/agent/externals/node20_1/bin/node 2024-03-09T15:12:58.6117888Z ##[debug]agent.TempDirectory=/home/azureadm/agent/_work/_temp 2024-03-09T15:12:58.6126038Z ##[debug]loading inputs and endpoints 2024-03-09T15:12:58.6128651Z ##[debug]loading INPUT_TARGETTYPE 2024-03-09T15:12:58.6140630Z ##[debug]loading INPUT_FILEPATH 2024-03-09T15:12:58.6142849Z ##[debug]loading INPUT_SCRIPT 2024-03-09T15:12:58.6145177Z ##[debug]loading INPUT_WORKINGDIRECTORY 2024-03-09T15:12:58.6147167Z ##[debug]loading INPUT_FAILONSTDERR 2024-03-09T15:12:58.6148624Z ##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION 2024-03-09T15:12:58.6150249Z ##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION 2024-03-09T15:12:58.6152291Z ##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN 2024-03-09T15:12:58.6158708Z ##[debug]loading SECRET_CP_ARM_CLIENT_SECRET 2024-03-09T15:12:58.6161195Z ##[debug]loading SECRET_SYSTEM_ACCESSTOKEN 2024-03-09T15:12:58.6163125Z ##[debug]loading SECRET_ARM_CLIENT_SECRET 2024-03-09T15:12:58.6165815Z ##[debug]loading SECRET_WZ_PAT 2024-03-09T15:12:58.6168133Z ##[debug]loading SECRET_S-PASSWORD 2024-03-09T15:12:58.6170269Z ##[debug]loading SECRET_WEB_APP_CLIENT_SECRET 2024-03-09T15:12:58.6171383Z ##[debug]loading SECRET_PAT 2024-03-09T15:12:58.6172491Z ##[debug]loaded 15 2024-03-09T15:12:58.6176599Z ##[debug]Agent.ProxyUrl=undefined 2024-03-09T15:12:58.6178062Z ##[debug]Agent.CAInfo=undefined 2024-03-09T15:12:58.6178924Z ##[debug]Agent.ClientCert=undefined 2024-03-09T15:12:58.6179475Z ##[debug]Agent.SkipCertValidation=undefined 2024-03-09T15:12:58.6196557Z ##[debug]check path : /home/azureadm/agent/_work/_tasks/Bash_6c731c3c-3c68-459a-a5c9-bde6e6595b5b/3.236.1/task.json 2024-03-09T15:12:58.6197814Z ##[debug]adding resource file: /home/azureadm/agent/_work/_tasks/Bash_6c731c3c-3c68-459a-a5c9-bde6e6595b5b/3.236.1/task.json 2024-03-09T15:12:58.6198488Z ##[debug]system.culture=en-US 2024-03-09T15:12:58.6207598Z ##[debug]failOnStderr=false 2024-03-09T15:12:58.6209135Z ##[debug]workingDirectory=/home/azureadm/agent/_work/2/s 2024-03-09T15:12:58.6209769Z ##[debug]check path : /home/azureadm/agent/_work/2/s 2024-03-09T15:12:58.6210729Z ##[debug]targetType=inline 2024-03-09T15:12:58.6212155Z ##[debug]bashEnvValue=undefined 2024-03-09T15:12:58.6245168Z ##[debug]script=#!/bin/bash green="\e[1;32m" ; reset="\e[0m" ; boldred="\e[1;31m" ; cyan="\e[1;36m"

echo "##vso[build.updatebuildnumber]Deploying the SAP Workload zone defined in DEV-WEEU-SAP01-INFRASTRUCTURE"

Check if running on deployer

if [ ! -f /etc/profile.d/deploy_server.sh ]; then echo -e "$green --- Install dos2unix ---$reset" sudo apt-get -qq install dos2unix export AZURE_DEVOPS_EXT_PAT=$PAT else source /etc/profile.d/deploy_server.sh export AZURE_DEVOPS_EXT_PAT=$PAT fi

if [ ! -f $CONFIG_REPO_PATH/LANDSCAPE/DEV-WEEU-SAP01-INFRASTRUCTURE/DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars ]; then echo -e "$boldred--- DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars was not found ---$reset" echo "##vso[task.logissue type=error]File DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars was not found." exit 2 fi

echo -e "$green--- Checkout main ---$reset"

cd $CONFIG_REPO_PATH mkdir -p .sap_deployment_automation git checkout -q main

echo -e "$green--- Validations ---$reset"

if [ -z $WL_ARM_SUBSCRIPTION_ID ]; then echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the SDAF-DEV variable group." exit 2 fi

if [ -z $WL_ARM_CLIENT_ID ]; then echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the SDAF-DEV variable group." exit 2 fi

if [ -z $WL_ARM_CLIENT_SECRET ]; then echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the SDAF-DEV variable group." exit 2 fi

if [ -z $WL_ARM_TENANT_ID ]; then echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the SDAF-DEV variable group." exit 2 fi

if [ -z $CP_ARM_SUBSCRIPTION_ID ]; then echo "##vso[task.logissue type=error]Variable CP_ARM_SUBSCRIPTION_ID was not defined in the SDAF-MGMT variable group." exit 2 fi

if [ -z $CP_ARM_CLIENT_ID ]; then echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_ID was not defined in the SDAF-MGMT variable group." exit 2 fi

if [ -z $CP_ARM_CLIENT_SECRET ]; then echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_SECRET was not defined in the SDAF-MGMT variable group." exit 2 fi

if [ -z $CP_ARM_TENANT_ID ]; then echo "##vso[task.logissue type=error]Variable CP_ARM_TENANT_ID was not defined in the SDAF-MGMT variable group." exit 2 fi

echo -e "$green--- Convert config file to UX format ---$reset" dos2unix -q LANDSCAPE/DEV-WEEU-SAP01-INFRASTRUCTURE/DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars echo -e "$green--- Read details ---$reset"

ENVIRONMENT=$(grep "^environment" LANDSCAPE/DEV-WEEU-SAP01-INFRASTRUCTURE/DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars | awk -F'=' '{print $2}' | xargs) LOCATION=$(grep "^location" LANDSCAPE/DEV-WEEU-SAP01-INFRASTRUCTURE/DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') NETWORK=$(grep "^network_logical_name" LANDSCAPE/DEV-WEEU-SAP01-INFRASTRUCTURE/DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars | awk -F'=' '{print $2}' | xargs) echo Environment: ${ENVIRONMENT} echo Location: ${LOCATION} echo Network: ${NETWORK}

ENVIRONMENT_IN_FILENAME=$(echo DEV-WEEU-SAP01-INFRASTRUCTURE | awk -F'-' '{print $1}' | xargs ) LOCATION_CODE=$(echo DEV-WEEU-SAP01-INFRASTRUCTURE | awk -F'-' '{print $2}' | xargs ) case "$LOCATION_CODE" in "AUCE") LOCATION_IN_FILENAME="australiacentral" ;; "AUC2") LOCATION_IN_FILENAME="australiacentral2" ;; "AUEA") LOCATION_IN_FILENAME="australiaeast" ;; "AUSE") LOCATION_IN_FILENAME="australiasoutheast" ;; "BRSO") LOCATION_IN_FILENAME="brazilsouth" ;; "BRSE") LOCATION_IN_FILENAME="brazilsoutheast" ;; "BRUS") LOCATION_IN_FILENAME="brazilus" ;; "CACE") LOCATION_IN_FILENAME="canadacentral" ;; "CAEA") LOCATION_IN_FILENAME="canadaeast" ;; "CEIN") LOCATION_IN_FILENAME="centralindia" ;; "CEUS") LOCATION_IN_FILENAME="centralus" ;; "CEUA") LOCATION_IN_FILENAME="centraluseuap" ;; "EAAS") LOCATION_IN_FILENAME="eastasia" ;; "EAUS") LOCATION_IN_FILENAME="eastus" ;; "EUSA") LOCATION_IN_FILENAME="eastus2euap" ;; "EUS2") LOCATION_IN_FILENAME="eastus2" ;; "EUSG") LOCATION_IN_FILENAME="eastusstg" ;; "FRCE") LOCATION_IN_FILENAME="francecentral" ;; "FRSO") LOCATION_IN_FILENAME="francesouth" ;; "GENO") LOCATION_IN_FILENAME="germanynorth" ;; "GEWE") LOCATION_IN_FILENAME="germanywest" ;; "GEWC") LOCATION_IN_FILENAME="germanywestcentral" ;; "ISCE") LOCATION_IN_FILENAME="israelcentral" ;; "ITNO") LOCATION_IN_FILENAME="italynorth" ;; "JAEA") LOCATION_IN_FILENAME="japaneast" ;; "JAWE") LOCATION_IN_FILENAME="japanwest" ;; "JINC") LOCATION_IN_FILENAME="jioindiacentral" ;; "JINW") LOCATION_IN_FILENAME="jioindiawest" ;; "KOCE") LOCATION_IN_FILENAME="koreacentral" ;; "KOSO") LOCATION_IN_FILENAME="koreasouth" ;; "NCUS") LOCATION_IN_FILENAME="northcentralus" ;; "NOEU") LOCATION_IN_FILENAME="northeurope" ;; "NOEA") LOCATION_IN_FILENAME="norwayeast" ;; "NOWE") LOCATION_IN_FILENAME="norwaywest" ;; "PLCE") LOCATION_IN_FILENAME="polandcentral" ;; "QACE") LOCATION_IN_FILENAME="qatarcentral" ;; "SANO") LOCATION_IN_FILENAME="southafricanorth" ;; "SAWE") LOCATION_IN_FILENAME="southafricawest" ;; "SCUS") LOCATION_IN_FILENAME="southcentralus" ;; "SCUG") LOCATION_IN_FILENAME="southcentralusstg" ;; "SOEA") LOCATION_IN_FILENAME="southeastasia" ;; "SOIN") LOCATION_IN_FILENAME="southindia" ;; "SECE") LOCATION_IN_FILENAME="swedencentral" ;; "SWNO") LOCATION_IN_FILENAME="switzerlandnorth" ;; "SWWE") LOCATION_IN_FILENAME="switzerlandwest" ;; "UACE") LOCATION_IN_FILENAME="uaecentral" ;; "UANO") LOCATION_IN_FILENAME="uaenorth" ;; "UKSO") LOCATION_IN_FILENAME="uksouth" ;; "UKWE") LOCATION_IN_FILENAME="ukwest" ;; "WCUS") LOCATION_IN_FILENAME="westcentralus" ;; "WEEU") LOCATION_IN_FILENAME="westeurope" ;; "WEIN") LOCATION_IN_FILENAME="westindia" ;; "WEUS") LOCATION_IN_FILENAME="westus" ;; "WUS2") LOCATION_IN_FILENAME="westus2" ;; "WUS3") LOCATION_IN_FILENAME="westus3" ;; *) LOCATION_IN_FILENAME="westeurope" ;; esac

NETWORK_IN_FILENAME=$(echo DEV-WEEU-SAP01-INFRASTRUCTURE | awk -F'-' '{print $3}' | xargs ) echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" echo "Location(filename): $LOCATION_IN_FILENAME" echo "Network(filename): $NETWORK_IN_FILENAME"

if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars '$ENVIRONMENT' does not match the DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" exit 2 fi

if [ $LOCATION != $LOCATION_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The location setting in DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars '$LOCATION' does not match the DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars file name '$LOCATION_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" exit 2 fi

if [ $NETWORK != $NETWORK_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The network_logical_name setting in DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars '$NETWORK' does not match the DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars file name '$NETWORK_IN_FILENAME-. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" exit 2 fi

echo -e "$green--- Configure devops CLI extension ---$reset" az config set extension.use_dynamic_install=yes_without_prompt --output none

az extension add --name azure-devops --output none

az devops configure --defaults organization=https://dev.azure.com/sathakur4022/ project='SAPHANADEF' --output none

export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='SDAF-MGMT'].id | [0]") echo 'SDAF-MGMT id: ' $PARENT_VARIABLE_GROUP_ID if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group SDAF-MGMT could not be found." exit 2 fi

export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='SDAF-DEV'].id | [0]") echo 'SDAF-DEV id: ' $VARIABLE_GROUP_ID if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group SDAF-DEV could not be found." exit 2 fi

echo "Agent Pool: " sdaf-mgmt-pool

echo -e "$green--- Set CONFIG_REPO_PATH variable ---$reset"

deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/MGMTWEEU ; echo 'Deployer Environment File' $deployer_environment_file_name workload_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}${LOCATION_CODE}${NETWORK} ; echo 'Workload Environment File' $workload_environment_file_name dos2unix -q ${deployer_environment_file_name} dos2unix -q ${workload_environment_file_name}

if [ ! -f ${deployer_environment_file_name} ]; then echo -e "$boldred--- MGMTWEEU was not found ---$reset" echo "##vso[task.logissue type=error]Control plane configuration file MGMTWEEU was not found." exit 2 fi

echo -e "$green--- Read parameter values ---$reset"

if [ "true" == true ]; then

az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" | tr -d \")
if [ -z ${az_var} ]; then
  deployer_tfstate_key=$(cat ${deployer_environment_file_name}  | grep deployer_tfstate_key | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer State File' $deployer_tfstate_key
else
  deployer_tfstate_key=${az_var} ; echo 'Deployer State File' $deployer_tfstate_key
fi

az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" | tr -d \")
if [ -z ${az_var} ]; then
  key_vault=$(cat ${deployer_environment_file_name}  | grep keyvault= | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault}
else
  key_vault=${az_var}; echo 'Deployer Key Vault' ${key_vault}
fi

az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" | tr -d \")
if [ -z ${az_var} ]; then
  REMOTE_STATE_SA=$(cat ${deployer_environment_file_name}  | grep REMOTE_STATE_SA      | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA
else
  REMOTE_STATE_SA=${az_var}; echo 'Terraform state file storage account' $REMOTE_STATE_SA
fi

az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" | tr -d \")
if [ -z ${az_var} ]; then
  STATE_SUBSCRIPTION=$(cat ${deployer_environment_file_name}  | grep STATE_SUBSCRIPTION   | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION
else
  STATE_SUBSCRIPTION=${az_var}; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION
fi

az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ARM_SUBSCRIPTION_ID.value" | tr -d \")
if [ -z ${az_var} ]; then
  echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined."
  exit 2
else
  echo 'Target subscription' $WL_ARM_SUBSCRIPTION_ID
fi

az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Workload_Key_Vault.value" | tr -d \")
if [ -z ${az_var} ]; then
  if [ -f ${workload_environment_file_name} ]; then
    export workload_key_vault=$(cat ${workload_environment_file_name}  | grep workload_key_vault     | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault}
  fi
else
  export workload_key_vault=$(Workload_Key_Vault)  ; echo 'Workload Key Vault' ${workload_key_vault}
fi

else deployer_tfstate_key=$(cat ${workload_environment_file_name} | grep deployer_tfstate_key | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer State File' $deployer_tfstate_key key_vault=$(cat ${workload_environment_file_name} | grep workload_key_vault= -m1 | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} REMOTE_STATE_SA=$(cat ${workload_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA STATE_SUBSCRIPTION=$(cat ${workload_environment_file_name} | grep STATE_SUBSCRIPTION | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION fi

secrets_set=1 if [ ! -f /etc/profile.d/deploy_server.sh ]; then echo -e "$green --- Install terraform ---$reset"

wget -q https://releases.hashicorp.com/terraform/1.6.2/terraform_1.6.2_linux_amd64.zip return_code=$? if [ 0 != $return_code ]; then echo "##vso[task.logissue type=error]Unable to download Terraform version 1.6.2." exit 2 fi unzip -qq terraform_1.6.2_linux_amd64.zip ; sudo mv terraform /bin/ rm -f terraform_1.6.2_linux_amd64.zip

export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET export ARM_TENANT_ID=$WL_ARM_TENANT_ID export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID export ARM_USE_MSI=false

echo -e "$green--- az login ---$reset" az login --service-principal --username $CP_ARM_CLIENT_ID --password=$CP_ARM_CLIENT_SECRET --tenant $CP_ARM_TENANT_ID --output none return_code=$? if [ 0 != $return_code ]; then echo -e "$boldred--- Login failed ---$reset" echo "##vso[task.logissue type=error]az login failed." exit $return_code fi

else echo -e "$green--- az login ---$reset"

if [ $LOGON_USING_SPN == "true" ]; then
  echo "Using SPN"
  az login --service-principal --username $CP_ARM_CLIENT_ID --password=$CP_ARM_CLIENT_SECRET --tenant $CP_ARM_TENANT_ID --output none
else
  az login --identity --allow-no-subscriptions --output none
fi

return_code=$?
if [ 0 != $return_code ]; then
  echo -e "$boldred--- Login failed ---$reset"
  echo "##vso[task.logissue type=error]az login failed."
  exit $return_code
fi

echo -e "$green --- Set secrets ---$reset"

$SAP_AUTOMATION_REPO_PATH/deploy/scripts/set_secrets.sh --workload --vault "${key_vault}" --environment "${ENVIRONMENT}" \ --region "${LOCATION}" --subscription $WL_ARM_SUBSCRIPTION_ID --spn_id $WL_ARM_CLIENT_ID --spn_secret "${WL_ARM_CLIENT_SECRET}" \ --tenant_id $WL_ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" az keyvault set-policy --name "${key_vault}" --object-id $WL_ARM_OBJECT_ID --secret-permissions get list --output none fi

debug_variable='--output none' debug_variable=''

az login --service-principal --username $CP_ARM_CLIENT_ID --password=$CP_ARM_CLIENT_SECRET --tenant $CP_ARM_TENANT_ID --output none

isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $CP_ARM_CLIENT_ID)

tfstate_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv)

if [ -n "${isUserAccessAdmin}" ]; then

echo -e "$green--- Set permissions ---$reset" perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Reader" --query "[?principalId=='$WL_ARM_CLIENT_ID'].principalId | [0]" -o tsv --only-show-errors) if [ -z "$perms" ]; then echo -e "$green --- Assign subscription permissions to $perms ---$reset" az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Reader" --scope "/subscriptions/${STATE_SUBSCRIPTION}" --output none fi

perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Storage Account Contributor" --scope "${tfstate_resource_id}" --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalName | [0]" -o tsv  --only-show-errors)
if [ -z "$perms" ]; then
  echo "Assigning Storage Account Contributor permissions for $WL_ARM_OBJECT_ID to ${tfstate_resource_id}"
  az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID  --assignee-principal-type ServicePrincipal --role "Storage Account Contributor" --scope "${tfstate_resource_id}" --output none
fi

resource_group_name=$(az resource show --id "${tfstate_resource_id}" --query resourceGroup -o tsv)

if [ -n ${resource_group_name} ]; then for scope in $(az resource list --resource-group "${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/privateDnsZones --query "[].id" --output tsv); do perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Private DNS Zone Contributor" --scope $scope --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors) if [ -z "$perms" ]; then echo "Assigning DNS Zone Contributor permissions for $WL_ARM_OBJECT_ID to ${scope}" az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Private DNS Zone Contributor" --scope $scope --output none fi done fi

resource_group_name=$(az keyvault show --name "${key_vault}" --query resourceGroup --subscription ${STATE_SUBSCRIPTION} -o tsv)

if [ -n ${resource_group_name} ]; then
  resource_group_id=$(az group show --name ${resource_group_name} --subscription ${STATE_SUBSCRIPTION} --query id -o tsv)

  vnet_resource_id=$(az resource list --resource-group "${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/virtualNetworks -o tsv --query "[].id | [0]")
  if [ -n "${vnet_resource_id}" ]; then
    perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Network Contributor"  --scope $vnet_resource_id --only-show-errors --query "[].principalId | [0]"  --assignee $WL_ARM_OBJECT_ID -o tsv --only-show-errors)

    if [ -z "$perms" ]; then
      echo "Assigning Network Contributor rights for $WL_ARM_OBJECT_ID to ${vnet_resource_id}"
      az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID  --assignee-principal-type ServicePrincipal --role "Network Contributor"  --scope $vnet_resource_id --output none
    fi
  fi

fi else echo "##vso[task.logissue type=warning]Service Principal $CP_ARM_CLIENT_ID does not have 'User Access Administrator' permissions. Please ensure that the service principal $WL_ARM_CLIENT_ID has permissions on the Terrafrom state storage account and if needed on the Private DNS zone and the source management network resource" fi

echo -e "$green--- Deploy the workload zone ---$reset" cd $CONFIG_REPO_PATH/LANDSCAPE/DEV-WEEU-SAP01-INFRASTRUCTURE if [ -f /etc/profile.d/deploy_server.sh ]; then az logout --output none if [ $LOGON_USING_SPN == "true" ]; then echo "Logon Using SPN"

  export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID
  export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET
  export ARM_TENANT_ID=$WL_ARM_TENANT_ID
  export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID
  export ARM_USE_MSI=false
  az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none
  return_code=$?
  if [ 0 != $return_code ]; then
    echo -e "$boldred--- Login failed ---$reset"
    echo "##vso[task.logissue type=error]az login failed."
    exit $return_code
  fi
else
  export ARM_USE_MSI=true
  az login --identity --allow-no-subscriptions --output none
fi

else export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET export ARM_TENANT_ID=$WL_ARM_TENANT_ID export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID export ARM_USE_MSI=false az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none return_code=$? if [ 0 != $return_code ]; then echo -e "$boldred--- Login failed ---$reset" echo "##vso[task.logissue type=error]az login failed." exit $return_code fi

fi

$SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars \ --deployer_environment MGMT --subscription ea5ea3d1-e269-43a5-81f8-17e0f331a78e \ --spn_id $WL_ARM_CLIENT_ID --spn_secret $WL_ARM_CLIENT_SECRET --tenant_id $WL_ARM_TENANT_ID \ --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \ --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado return_code=$?

echo "Return code: ${return_code}" if [ -f ${workload_environment_file_name} ]; then export workload_key_vault=$(cat ${workload_environment_file_name} | grep workloadkeyvault= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault} export workload_prefix=$(cat ${workload_environment_file_name} | grep workload_zone_prefix= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Prefix' ${workload_prefix} export landscape_tfstate_key=$(cat ${workload_environment_file_name} | grep landscape_tfstate_key= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Zone State File' $landscape_tfstate_key fi

az logout --output none

az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "FENCING_SPN_ID.value") if [ -z ${az_var} ]; then echo "##vso[task.logissue type=warning]Variable FENCING_SPN_ID is not set. Required for highly available deployments" else export fencing_id=$(az keyvault secret list --vault-name $workload_key_vault --query [].name -o tsv | grep ${workload_prefix}-fencing-spn-id | xargs) if [ -z "$fencing_id" ]; then az keyvault secret set --name ${workload_prefix}-fencing-spn-id --vault-name $workload_key_vault --value $(FENCING_SPN_ID) --output none az keyvault secret set --name ${workload_prefix}-fencing-spn-pwd --vault-name $workload_key_vault --value=$FENCING_SPN_PWD --output none az keyvault secret set --name ${workload_prefix}-fencing-spn-tenant --vault-name $workload_key_vault --value $(FENCING_SPN_TENANT) --output none fi fi

echo -e "$green--- Add & update files in the DevOps Repository ---$reset" cd /home/azureadm/agent/_work/2/s/config git pull

echo -e "$green--- Pull latest ---$reset" cd $CONFIG_REPO_PATH git pull

added=0 if [ -f ${workload_environment_file_name} ]; then git add ${workload_environment_file_name} added=1 fi if [ -f ${workload_environment_file_name}.md ]; then git add ${workload_environment_file_name}.md added=1 fi if [ -f WORKSPACES/LANDSCAPE/DEV-WEEU-SAP01-INFRASTRUCTURE/.terraform/terraform.tfstate ]; then git add -f WORKSPACES/LANDSCAPE/DEV-WEEU-SAP01-INFRASTRUCTURE/.terraform/terraform.tfstate added=1 fi if [ 1 == $added ]; then git config --global user.email "sathakur4022@outlook.com" git config --global user.name "Sanjeev Thakur" git commit -m "Added updates from devops deployment SAP Workload Zone deployment [skip ci]" git -c http.extraheader="AUTHORIZATION: bearer ***" push --set-upstream origin main fi

if [ -f ${workload_environment_file_name}.md ]; then echo "##vso[task.uploadsummary]${workload_environment_file_name}.md" fi echo -e "$green--- Adding variables to the variable group" SDAF-DEV "---$reset" if [ -n $VARIABLE_GROUP_ID ]; then az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Terraform_Remote_Storage_Account_Name.value --output table) if [ -n "${az_var}" ]; then az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value "${REMOTE_STATE_SA}" --output none --only-show-errors else az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value "${REMOTE_STATE_SA}" --output none --only-show-errors fi

az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Terraform_Remote_Storage_Subscription.value --output table)
if [ -n "${az_var}" ]; then
  az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors
else
  az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors
fi

az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Deployer_State_FileName.value --output table)
if [ -n "${az_var}" ]; then
  az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value "${deployer_tfstate_key}" --output none --only-show-errors
else
  az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value "${deployer_tfstate_key}" --output none --only-show-errors
fi

az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Deployer_Key_Vault.value --output table)
if [ -n "${az_var}" ]; then
  az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${key_vault} --output none --only-show-errors
else
  az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${key_vault} --output none --only-show-errors
fi

az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Key_Vault.value --output table)
if [ -n "${az_var}" ]; then
  az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Key_Vault --value $workload_key_vault --output none --only-show-errors
else
  az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Key_Vault --value $workload_key_vault --output none --only-show-errors
fi

az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Secret_Prefix.value --output table)
if [ -n "${az_var}" ]; then
  az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Secret_Prefix --value "${workload_prefix}" --output none --only-show-errors
else
  az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Secret_Prefix --value "${workload_prefix}" --output none --only-show-errors
fi

az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Zone_State_FileName.value --output table)
if [ -n "${az_var}" ]; then
  az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Zone_State_FileName --value "${landscape_tfstate_key}" --output none --only-show-errors
else
  az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Zone_State_FileName --value "${landscape_tfstate_key}" --output none --only-show-errors
fi

az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query WZ_PAT.isSecret --output table)
if [ -n "${az_var}" ]; then
  az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name WZ_PAT --value $AZURE_DEVOPS_EXT_PAT --output none --only-show-errors --secret true
else
  az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name WZ_PAT --value $AZURE_DEVOPS_EXT_PAT --output none --only-show-errors --secret true
fi

fi

if [ 0 != $return_code ]; then echo "##vso[task.logissue type=error]Return code from install_workloadzone $return_code." if [ -f ${workload_environment_file_name}.err ]; then error_message=$(cat ${workload_environment_file_name}.err) echo "##vso[task.logissue type=error]Error message: $error_message." fi

fi

exit $return_code 2024-03-09T15:12:58.6268079Z Generating script. 2024-03-09T15:12:58.6268414Z ##[debug]which 'bash' 2024-03-09T15:12:58.6268729Z ##[debug]found: '/usr/bin/bash' 2024-03-09T15:12:58.6269003Z ##[debug]Agent.Version=3.234.0 2024-03-09T15:12:58.6269395Z ##[debug]agent.tempDirectory=/home/azureadm/agent/_work/_temp 2024-03-09T15:12:58.6269863Z ##[debug]check path : /home/azureadm/agent/_work/_temp 2024-03-09T15:12:58.6270098Z ========================== Starting Command Output =========================== 2024-03-09T15:12:58.6270363Z ##[debug]which '/usr/bin/bash' 2024-03-09T15:12:58.6270634Z ##[debug]found: '/usr/bin/bash' 2024-03-09T15:12:58.6270977Z ##[debug]/usr/bin/bash arg: /home/azureadm/agent/_work/_temp/3bae54ec-e2fa-450f-abbd-cd69128c649d.sh 2024-03-09T15:12:58.6271366Z ##[debug]exec tool: /usr/bin/bash 2024-03-09T15:12:58.6271645Z ##[debug]arguments: 2024-03-09T15:12:58.6271977Z ##[debug] /home/azureadm/agent/_work/_temp/3bae54ec-e2fa-450f-abbd-cd69128c649d.sh 2024-03-09T15:12:58.6272531Z [command]/usr/bin/bash /home/azureadm/agent/_work/_temp/3bae54ec-e2fa-450f-abbd-cd69128c649d.sh 2024-03-09T15:12:58.6309006Z ##[debug]Update build number for build: 811 to: Deploying the SAP Workload zone defined in DEV-WEEU-SAP01-INFRASTRUCTURE at backend. 2024-03-09T15:12:58.6365221Z ##[debug]Processed: ##vso[build.updatebuildnumber]Deploying the SAP Workload zone defined in DEV-WEEU-SAP01-INFRASTRUCTURE 2024-03-09T15:12:59.2378659Z azureadm account ready for use with Azure SAP Automated Deployment 2024-03-09T15:12:59.2380243Z --- DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars was not found --- 2024-03-09T15:12:59.2422894Z ##[error]File DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars was not found. 2024-03-09T15:12:59.2442511Z ##[debug]Processed: ##vso[task.logissue type=error]File DEV-WEEU-SAP01-INFRASTRUCTURE.tfvars was not found. 2024-03-09T15:12:59.2442876Z 2024-03-09T15:12:59.2443290Z ##[debug]Exit code 2 received from tool '/usr/bin/bash' 2024-03-09T15:12:59.2443597Z ##[debug]STDIO streams have closed for tool '/usr/bin/bash' 2024-03-09T15:12:59.2444031Z ##[error]Bash exited with code '2'. 2024-03-09T15:12:59.2444464Z ##[debug]Processed: ##vso[task.issue type=error;]Bash exited with code '2'. 2024-03-09T15:12:59.2444773Z ##[debug]task result: Failed 2024-03-09T15:12:59.2453084Z ##[debug]Processed: ##vso[task.complete result=Failed;done=true;] 2024-03-09T15:12:59.2456580Z ##[section]Async Command Start: Update Build Number 2024-03-09T15:12:59.9247800Z Update build number to Deploying the SAP Workload zone defined in DEV-WEEU-SAP01-INFRASTRUCTURE for build 811 2024-03-09T15:12:59.9248017Z ##[section]Async Command End: Update Build Number 2024-03-09T15:12:59.9248874Z ##[section]Finishing: Deploy SAP Workload Zone