deploy/ansible/roles-sap/0.1-bom-validator/tasks/bom

# Copyright (c) Microsoft Corporation. # Licensed under the MIT License. --- # -------------------------------------+---------------------------------------8 # Step: 01 # Description: Initialize facts # - name: "{{ task_prefix }} - BOM: {{ bom_name }} Download {{ bom_media_entry.archive }}" ansible.builtin.set_fact: task_prefix: bom_download # set the fact so it is globally availabe proceed: true vars: task_prefix: bom_download # make the fact locally available # Step: 01 - END # -------------------------------------+---------------------------------------8 # -------------------------------------+-----------------------------------------8 # Step: 02 # Description: Informational # - name: "{{ task_prefix }} - Informational" ansible.builtin.debug: var: bom_media_entry verbosity: 1 - name: "{{ task_prefix }} - Informational" ansible.builtin.debug: msg: |- check_storage_account: {{ check_storage_account }} verbosity: 1 # Step: 02 - END # -------------------------------------+---------------------------------------8 # -------------------------------------+---------------------------------------8 # Step: 03 # Description: # - name: "{{ task_prefix }} - BOM: {{ bom_name }} Check Storage Account for {{ bom_media_entry.archive }}" when: - check_storage_account | bool - sa_enabled - allowSharedKeyAccess block: # -----------------------------------+-----------------------------------------8 # Step: 03-01 # Description: # - name: "{{ task_prefix }} - BOM: {{ bom_name }} Check is file {{ bom_media_entry.archive }} is already downloaded" ansible.builtin.uri: url: "{{ sapbits_location_base_path }}/{{ sapbits_bom_files }}/archives/{{ bom_media_entry.archive }}{% if sapbits_sas_token is not undefined %}?{{ sapbits_sas_token }}{% endif %}" status_code: [200, 403, 404, 409] method: HEAD register: blob_exists - name: "{{ task_prefix }} - Informational" ansible.builtin.debug: var: blob_exists verbosity: 1 # Step: 03-01 - END # -------------------------------+---------------------------------------------8 # -------------------------------+---------------------------------------------8 # Step: 03-02 # Description: Validate the url status. Fail if authentication fails # - name: "{{ task_prefix }} - BOM: {{ bom_name }} Authentication error {{ bom_media_entry.archive }}" ansible.builtin.fail: msg: "Authentication error, please check the SAS token" when: blob_exists.status == 403 # Step: 03-02 - END # -------------------------------+---------------------------------------------8 # -------------------------------+---------------------------------------------8 # Step: 03-03 # Description: # - name: "{{ task_prefix }} - BOM: {{ bom_name }} Set Fact {{ bom_media_entry.archive }}" ansible.builtin.set_fact: proceed: false when: blob_exists.status != 404 # Step: 03-03 - END # -------------------------------------+---------------------------------------8 - name: "{{ task_prefix }} - BOM: {{ bom_name }} Check Storage Account for {{ bom_media_entry.archive }}" when: - check_storage_account | bool - sa_enabled - not allowSharedKeyAccess block: # -----------------------------------+-----------------------------------------8 # Step: 03-01 # Description: # - name: "{{ task_prefix }} - BOM: {{ bom_name }} Check is file {{ bom_media_entry.archive }} is already downloaded" ansible.builtin.command: >- az storage blob show --account-name {{ account }} --container-name {{ sapbits_location_base_path.rpartition('//')[2].split('/')[1] }} --auth-mode login --name {{ sapbits_bom_files }}/archives/{{ bom_media_entry.archive }} --query name --output tsv delegate_to: localhost register: azresult ignore_errors: true - name: "{{ task_prefix }} - Informational" ansible.builtin.debug: var: azresult verbosity: 2 # Step: 03-01 - END # -------------------------------+---------------------------------------------8 # -------------------------------+---------------------------------------------8 # Step: 03-02 - END # -------------------------------+---------------------------------------------8 # -------------------------------+---------------------------------------------8 # Step: 03-03 # Description: # - name: "{{ task_prefix }} - BOM: {{ bom_name }} Set Fact {{ bom_media_entry.archive }}" ansible.builtin.set_fact: proceed: false when: azresult.rc == 0 # Step: 03-03 - END # -------------------------------+---------------------------------------------8 # Step: 03 - END # -------------------------------------+---------------------------------------------8 # -------------------------------------+---------------------------------------------8 # Step: 04 # Description: Informational check of the proceed parameter. # - name: "{{ task_prefix }} - Informational check of the proceed parameter" ansible.builtin.assert: that: - "proceed" success_msg: |- Download for file {{ bom_media_entry.archive }}: ENABLED Downloading... proceed: {{ proceed }} fail_msg: |- Download for file {{ bom_media_entry.archive }}: DISABLED Skipping download... proceed: {{ proceed }} failed_when: false # Step: 04 - END # -----------------------------------+-----------------------------------------8 # -----------------------------------+-----------------------------------------8 # Step: 05 # Description: # - name: "BOM: Download File {{ bom_media_entry.archive }}" block: # -----------------------------------+-----------------------------------------8 # Step: 05-01 # Description: # - name: "BOM: {{ bom_name }} Download File" block: # -------------------------------+---------------------------------------------8 # Step: 05-01-01 # Description: # - name: "BOM: {{ bom_name }} Download File {{ bom_media_entry.archive }}" ansible.builtin.get_url: url: "{{ bom_media_entry.url | string | trim }}" dest: "{{ download_directory }}/files/{{ bom_media_entry.archive }}" tmp_dest: "{{ download_directory }}/tmp" url_username: "{{ s_user }}" url_password: "{{ s_password }}" force_basic_auth: true http_agent: 'SAP Software Download' timeout: 60 mode: 0644 become: "{{ bom_processing_become }}" register: result until: result is succeeded or not result.changed retries: 2 delay: 1 no_log: false rescue: # -------------------------------+---------------------------------------------8 # Step: 05-01-01-on-failure-01 # Description: # - name: "BOM: Ensure URL is correct" ansible.builtin.set_fact: file_url: "{{ bom_media_entry.url | lower | urlsplit('scheme') }}://{{ bom_media_entry.url | lower | urlsplit('hostname') }}/{{ bom_media_entry.url | lower | urlsplit('path') | replace('\"', '') }}" # Step: 05-01-01-on-failure-01 - END # ---------------------------+-------------------------------------------------8 # -----------------------------------+-----------------------------------------8 # Step: 05-01-01-on-failure-02 # Description: # - name: "BOM: Ensure URL is correct" ansible.builtin.debug: msg: - "file_url: '{{ file_url }}" # Step: 05-01-01-on-failure-02 - END # ---------------------------+-------------------------------------------------8 # ---------------------------+-------------------------------------------------8 # Step: 05-01-01-on-failure-03 # Description: # - name: "BOM: {{ bom_name }} Download File {{ bom_media_entry.archive }}" ansible.builtin.get_url: url: "{{ file_url | trim }}" dest: "{{ download_directory }}/files/{{ bom_media_entry.archive }}" tmp_dest: "{{ download_directory }}/tmp" url_username: "{{ s_user }}" url_password: "{{ s_password }}" force_basic_auth: true http_agent: 'SAP Software Download' timeout: 60 mode: 0644 # become: "{{ bom_processing_become }}" # become_user: root register: result no_log: false # failed_when: false # Step: 05-01-01-on-failure-03 - END # ---------------------------+-------------------------------------------------8 # Step: 05-01-01 - END # ---------------------------+-------------------------------------------------8 # Step: 05-01 - END # -----------------------------------+-----------------------------------------8 # -----------------------------------+-----------------------------------------8 # Step: 05-02 # Description: # - name: "BOM: {{ bom_name }} Download File {{ bom_media_entry.archive }}" ansible.builtin.debug: var: result verbosity: 1 # Step: 05-02 - END # -----------------------------------+-----------------------------------------8 # -----------------------------------+-----------------------------------------8 # Step: 05-03 # Description: Checksum block # - name: "BOM: Create checksums" block: # -------------------------------+---------------------------------------------8 # Step: 05-03-01 # Description: # - name: "BOM: Verify Files" ansible.builtin.stat: path: "{{ result.dest }}" checksum_algorithm: sha256 register: fs_check - name: "BOM: Show" ansible.builtin.debug: var: fs_check verbosity: 1 - name: "BOM: Show" ansible.builtin.debug: var: create_checksums verbosity: 1 # Step: 05-03-01 - END # -------------------------------+---------------------------------------------8 # -------------------------------+---------------------------------------------8 # Step: 05-03-02 # Description: # - name: "block" block: # ---------------------------+-------------------------------------------------8 # Step: 05-03-02-01 # Description: # # # MKD - Interesting change to task, but ultimately leaves room for error. # # It can identify an incorrectly indentented line and insert a line # # after with a fixed indentation that breakes the yaml structure. # # This was noticed in a merge conflict during resolution prior to a # # pull request for the dynamic bom # - name: "BOM: Line" # ansible.builtin.blockinfile: # path: "{{ bom_file }}" # # regexp: ' archive: {{ item.archive }}' # insertafter: '^\s*archive:\s*{{ item.archive }}' # block: " checksum: {{ fs_check.stat.checksum }}" # marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.archive }}" # when: # - fs_check is defined # - create_checksums is defined # - bom_file is defined - name: "BOM: Line" ansible.builtin.blockinfile: path: "{{ bom_file }}" insertafter: ' archive: {{ bom_media_entry.archive }}' block: " checksum: {{ fs_check.stat.checksum }}" marker: "# {mark} ANSIBLE MANAGED BLOCK {{ bom_media_entry.archive }}" when: - fs_check is defined - create_checksums is defined - bom_file is defined # Step: 05-03-02-01 - END # ---------------------------+-------------------------------------------------8 # ---------------------------+-------------------------------------------------8 # Step: 05-03-02-02 # Description: # - name: "BOM: Remove marker" ansible.builtin.lineinfile: path: "{{ bom_file }}" regexp: '# BEGIN ANSIBLE MANAGED BLOCK {{ bom_media_entry.archive }}' state: absent - name: "BOM: Remove marker" ansible.builtin.lineinfile: path: "{{ bom_file }}" regexp: '# END ANSIBLE MANAGED BLOCK {{ bom_media_entry.archive }}' state: absent # Step: 05-03-02-02 - END # ---------------------------+-------------------------------------------------8 when: - bom_media_entry.checksum is defined - bom_media_entry.checksum | bool is not true # Step: 05-03-02 - END # -------------------------------+---------------------------------------------8 # -------------------------------+---------------------------------------------8 # Step: 05-03-03 # Description: Update in memory BOM # - name: "block" block: # ---------------------------+-------------------------------------------------8 # Step: 05-03-03-01 # Description: # - name: "Update BOM" ansible.builtin.set_fact: bom: "{{ bom_update }}" vars: bom_update: "{#- -#}{% set _ = bom.materials.media[bom_media_index].update({'checksum': fs_check.stat.checksum}) -%} {{ bom }}" # Step: 05-03-03-01 - END # ---------------------------+-------------------------------------------------8 # ---------------------------+-------------------------------------------------8 # Step: 05-03-03-02 # Description: # - name: "BOM: Show" ansible.builtin.debug: var: bom.materials.media[bom_media_index] verbosity: 1 # Step: 05-03-03-02 - END # ---------------------------+-------------------------------------------------8 when: - create_checksums is defined # Step: 05-03-03 - END # -------------------------------+---------------------------------------------8 when: - bom_media_entry.checksum is not defined # Step: 05-03 - END # -----------------------------------+-----------------------------------------8 # -----------------------------------+-----------------------------------------8 # Step: 05-04 # Description: # - name: "Upload file" block: # 03) Upload files to Azure # TODO - put this in a block # -------------------------------+---------------------------------------------8 # Step: 05-04-01 # Description: # - name: "BOM: {{ bom_name }} Upload File {{ bom_media_entry.archive }} using SAS keys" when: - allowSharedKeyAccess - sapbits_sas_token is defined ansible.builtin.command: >- az storage blob upload --account-name {{ account }} --sas-token {{ sapbits_sas_token }} --container-name {{ container }} --name {{ bom_media_entry.archive }} --file {{ result.dest }} --if-none-match "*" --no-progress delegate_to: localhost register: azresult ignore_errors: true failed_when: - azresult.rc != 0 - azresult.stderr is defined - azresult.stderr.find("BlobAlreadyExists") == -1 - name: "BOM: {{ bom_name }} Upload File {{ bom_media_entry.archive }}" when: - not allowSharedKeyAccess ansible.builtin.command: >- az storage blob upload --account-name {{ account }} --container-name {{ container }} --auth-mode login --name {{ bom_media_entry.archive }} --file {{ result.dest }} --if-none-match "*" --no-progress delegate_to: localhost register: azresult ignore_errors: true failed_when: - azresult.rc != 0 - azresult.stderr is defined - azresult.stderr.find("BlobAlreadyExists") == -1 # Step: 05-04-01 - END # -------------------------------+---------------------------------------------8 # -------------------------------+---------------------------------------------8 # Step: 05-04-02 # Description: # - name: "BOM: {{ bom_name }} Remove File {{ bom_media_entry.archive }}" # become: true ansible.builtin.file: dest: "{{ download_directory }}/files/{{ bom_media_entry.archive }}" state: absent # Step: 05-04-02 - END # -------------------------------+---------------------------------------------8 when: - sa_enabled # Step: 05-04 - END # -----------------------------------+-----------------------------------------8 when: proceed # Step: 05 - END # -------------------------------------+---------------------------------------8 ... # /*---------------------------------------------------------------------------8 # | END | # +------------------------------------4--------------------------------------*/

deploy/ansible/roles-sap/0.1-bom-validator/tasks/bom_download.yaml (228 lines of code) (raw):