From 63086b6300fe4845967ab02d9bdf67840d0b8103 Mon Sep 17 00:00:00 2001 From: mukul-palit Date: Mon, 22 Sep 2025 14:13:56 +0530 Subject: [PATCH 1/2] adding pre validation ansible script --- .catalog-onboard-pipeline.yaml | 1 + .../validate-pre-ansible-playbook.yaml | 103 ++++++++++++++++++ 2 files changed, 104 insertions(+) create mode 100644 solutions/fully-configurable/scripts/validate-pre-ansible-playbook.yaml diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index c6cdf2dc..2608d9ed 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml @@ -5,6 +5,7 @@ offerings: kind: solution catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd offering_id: 63d8ae58-fbf3-41ce-b844-0fb5b85882ab + include_git_submodules: true # Including submodules in the tar package to avoid SHA validation errors during Ansible playbook execution. variations: - name: fully-configurable mark_ready: true diff --git a/solutions/fully-configurable/scripts/validate-pre-ansible-playbook.yaml b/solutions/fully-configurable/scripts/validate-pre-ansible-playbook.yaml new file mode 100644 index 00000000..c376e93e --- /dev/null +++ b/solutions/fully-configurable/scripts/validate-pre-ansible-playbook.yaml @@ -0,0 +1,103 @@ +--- +- name: Find IBM Cloud Log Routing Tenants in Specific Regions + hosts: localhost + connection: local + gather_facts: false + + vars: + ibmcloud_api_key: "{{ lookup('env', 'ibmcloud_api_key') }}" + logs_routing_tenant_regions: "{{ lookup('env', 'logs_routing_tenant_regions') | default('') }}" + target_service_name: "logs-router" + + tasks: + - name: Display environment variable values + ansible.builtin.debug: + msg: + - "ibmcloud_api_key: {{ ibmcloud_api_key }}" + - "logs_routing_tenant_regions: {{ logs_routing_tenant_regions }}" + + - name: Ensure API key and regions are set + ansible.builtin.fail: + msg: "The ibmcloud_api_key or logs_routing_tenant_regions environment variable is not set." + when: ibmcloud_api_key | length == 0 or logs_routing_tenant_regions | length == 0 + + - name: Log in to IBM Cloud + ansible.builtin.shell: | + ibmcloud login --apikey "{{ ibmcloud_api_key }}" --no-region -q >/dev/null 2>&1 + register: ibmcloud_login_result + changed_when: false + failed_when: ibmcloud_login_result.rc != 0 or 'FAILED' in ibmcloud_login_result.stderr or 'Error' in ibmcloud_login_result.stderr + + - name: Display IBM Cloud login success message + ansible.builtin.debug: + msg: "Authentication successful." + when: ibmcloud_login_result.rc == 0 + + - name: Get IAM token for API calls + ansible.builtin.shell: | + ibmcloud iam oauth-tokens --output JSON | jq -r '.iam_token' + register: iam_token_result + changed_when: false + failed_when: iam_token_result.rc != 0 + + - name: Parse regions from environment variable + set_fact: + regions_list: "{{ ('[' + logs_routing_tenant_regions | replace('[', '') | replace(']', '') | replace('\"', '') + ']') | from_yaml }}" + + - name: Loop through each region and find log routing tenants + ansible.builtin.uri: + url: "https://management.{{ item }}.logs-router.cloud.ibm.com/v1/tenants" + method: GET + headers: + Authorization: "{{ iam_token_result.stdout }}" + IBM-API-Version: 2025-08-06 + return_content: true + validate_certs: true + register: api_response + loop: "{{ regions_list }}" + loop_control: + loop_var: item + ignore_errors: true + + - name: Consolidate and filter all found tenants into a single list + set_fact: + all_found_tenants: > + {{ api_response.results + | selectattr('status', 'equalto', 200) + | map(attribute='content') + | map('from_json') + | map(attribute='tenants') + | flatten + | selectattr('crn', 'search', 'logs-router') + | rejectattr('service_name', 'defined') + | list }} + + - name: Format the output for found tenants + set_fact: + formatted_tenants: | + {% for tenant in all_found_tenants %} + Tenant Name: {{ tenant.name }} + Tenant ID: {{ tenant.id }} + Region: {{ tenant.crn.split(':')[5] }} + Log Sink CRN: {{ tenant.targets[0].log_sink_crn | default('N/A') }} + Log Router CRN: {{ tenant.crn }} + {% endfor %} + when: all_found_tenants | length > 0 + + - name: Fail if any tenants were found + ansible.builtin.fail: + msg: | + Active log routing tenants were found. + {{ formatted_tenants }} + when: all_found_tenants | length > 0 + + - name: Inform that no tenants were found + ansible.builtin.debug: + msg: "No active log routing tenants were found in any specified region. The check passed successfully." + when: all_found_tenants | length == 0 + + - name: Log out of IBM Cloud + ansible.builtin.shell: | + ibmcloud logout >/dev/null 2>&1 + changed_when: false + failed_when: false \ No newline at end of file From 4350b5d08905e4345f508338df917592509becd3 Mon Sep 17 00:00:00 2001 From: mukul-palit Date: Wed, 24 Sep 2025 12:08:48 +0530 Subject: [PATCH 2/2] test script --- .../validate-pre-ansible-playbook.yaml | 178 +++++++++--------- 1 file changed, 92 insertions(+), 86 deletions(-) diff --git a/solutions/fully-configurable/scripts/validate-pre-ansible-playbook.yaml b/solutions/fully-configurable/scripts/validate-pre-ansible-playbook.yaml index c376e93e..a687f39d 100644 --- a/solutions/fully-configurable/scripts/validate-pre-ansible-playbook.yaml +++ b/solutions/fully-configurable/scripts/validate-pre-ansible-playbook.yaml @@ -3,101 +3,107 @@ hosts: localhost connection: local gather_facts: false - vars: ibmcloud_api_key: "{{ lookup('env', 'ibmcloud_api_key') }}" logs_routing_tenant_regions: "{{ lookup('env', 'logs_routing_tenant_regions') | default('') }}" - target_service_name: "logs-router" - + target_service_name: logs-router tasks: - - name: Display environment variable values - ansible.builtin.debug: - msg: - - "ibmcloud_api_key: {{ ibmcloud_api_key }}" - - "logs_routing_tenant_regions: {{ logs_routing_tenant_regions }}" - - name: Ensure API key and regions are set ansible.builtin.fail: - msg: "The ibmcloud_api_key or logs_routing_tenant_regions environment variable is not set." - when: ibmcloud_api_key | length == 0 or logs_routing_tenant_regions | length == 0 - - - name: Log in to IBM Cloud - ansible.builtin.shell: | - ibmcloud login --apikey "{{ ibmcloud_api_key }}" --no-region -q >/dev/null 2>&1 - register: ibmcloud_login_result - changed_when: false - failed_when: ibmcloud_login_result.rc != 0 or 'FAILED' in ibmcloud_login_result.stderr or 'Error' in ibmcloud_login_result.stderr + msg: The ibmcloud_api_key or logs_routing_tenant_regions environment variable is + not set. + when: ibmcloud_api_key | length == 0 or logs_routing_tenant_regions | length == + 0 + - name: Find IBM Cloud Monitoring Instance + block: + - name: Log in to IBM Cloud + ansible.builtin.shell: > + ibmcloud login --apikey "{{ ibmcloud_api_key }}" + --no-region -q >/dev/null 2>&1 + register: ibmcloud_login_result + changed_when: false + failed_when: ibmcloud_login_result.rc != 0 or 'FAILED' in + ibmcloud_login_result.stderr or 'Error' in + ibmcloud_login_result.stderr + - name: Display IBM Cloud login success message + ansible.builtin.debug: + msg: Authentication successful. + when: ibmcloud_login_result.rc == 0 + - name: Get IAM token for API calls + ansible.builtin.shell: ibmcloud iam oauth-tokens --output JSON + register: ibmcloud_token_output + changed_when: false + failed_when: ibmcloud_token_output.rc != 0 + - name: Extract and set IAM token + set_fact: + iam_token_result: "{{ ibmcloud_token_output.stdout | from_json | + json_query('iam_token') }}" + - name: Parse regions from environment variable + set_fact: + regions_list: "{{ logs_routing_tenant_regions | from_yaml }}" + - name: Loop through each region and find log routing tenants + ansible.builtin.uri: + url: https://management.{{ item }}.logs-router.cloud.ibm.com/v1/tenants + method: GET + headers: + Authorization: "{{ iam_token_result }}" + IBM-API-Version: 2025-08-06 + return_content: true + validate_certs: true + register: api_response + loop: "{{ regions_list }}" + loop_control: + loop_var: item + ignore_errors: true + - name: Consolidate and filter all found tenants into a single list + set_fact: + all_found_tenants: | + {{ api_response.results + | selectattr('status', 'equalto', 200) + | map(attribute='content') + | map('from_json') + | map(attribute='tenants') + | flatten + | selectattr('crn', 'search', 'logs-router') + | rejectattr('service_name', 'defined') + | list }} + - name: Format the output for found tenants + set_fact: + formatted_tenants: > + {% for tenant in all_found_tenants %} - - name: Display IBM Cloud login success message - ansible.builtin.debug: - msg: "Authentication successful." - when: ibmcloud_login_result.rc == 0 + Tenant Name: {{ tenant.name }} - - name: Get IAM token for API calls - ansible.builtin.shell: | - ibmcloud iam oauth-tokens --output JSON | jq -r '.iam_token' - register: iam_token_result - changed_when: false - failed_when: iam_token_result.rc != 0 + Tenant ID: {{ tenant.id }} - - name: Parse regions from environment variable - set_fact: - regions_list: "{{ ('[' + logs_routing_tenant_regions | replace('[', '') | replace(']', '') | replace('\"', '') + ']') | from_yaml }}" - - - name: Loop through each region and find log routing tenants - ansible.builtin.uri: - url: "https://management.{{ item }}.logs-router.cloud.ibm.com/v1/tenants" - method: GET - headers: - Authorization: "{{ iam_token_result.stdout }}" - IBM-API-Version: 2025-08-06 - return_content: true - validate_certs: true - register: api_response - loop: "{{ regions_list }}" - loop_control: - loop_var: item - ignore_errors: true + Region: {{ tenant.crn.split(':')[5] }} - - name: Consolidate and filter all found tenants into a single list - set_fact: - all_found_tenants: > - {{ api_response.results - | selectattr('status', 'equalto', 200) - | map(attribute='content') - | map('from_json') - | map(attribute='tenants') - | flatten - | selectattr('crn', 'search', 'logs-router') - | rejectattr('service_name', 'defined') - | list }} - - - name: Format the output for found tenants - set_fact: - formatted_tenants: | - {% for tenant in all_found_tenants %} - Tenant Name: {{ tenant.name }} - Tenant ID: {{ tenant.id }} - Region: {{ tenant.crn.split(':')[5] }} - Log Sink CRN: {{ tenant.targets[0].log_sink_crn | default('N/A') }} - Log Router CRN: {{ tenant.crn }} - {% endfor %} - when: all_found_tenants | length > 0 + Log Sink CRN: {{ tenant.targets[0].log_sink_crn | default('N/A') }} - - name: Fail if any tenants were found - ansible.builtin.fail: - msg: | - Active log routing tenants were found. - {{ formatted_tenants }} - when: all_found_tenants | length > 0 + Log Router CRN: {{ tenant.crn }} - - name: Inform that no tenants were found - ansible.builtin.debug: - msg: "No active log routing tenants were found in any specified region. The check passed successfully." - when: all_found_tenants | length == 0 - - - name: Log out of IBM Cloud - ansible.builtin.shell: | - ibmcloud logout >/dev/null 2>&1 - changed_when: false - failed_when: false \ No newline at end of file + {% endfor %} + when: all_found_tenants | length > 0 + - name: Fail if any tenants were found + ansible.builtin.fail: + msg: | + Active log routing tenants were found. + {{ formatted_tenants }} + when: all_found_tenants | length > 0 + - name: Inform that no tenants were found + ansible.builtin.debug: + msg: No active log routing tenants were found in any specified region. The check + passed successfully. + when: all_found_tenants | length == 0 + when: ibmcloud_api_key | length > 0 and logs_routing_tenant_regions | length > 0 + rescue: + - name: Fail with a specific error message + ansible.builtin.fail: + msg: An unhandled error occurred in the primary block. Check previous task + output for details. + always: + - name: Log out of IBM Cloud + ansible.builtin.shell: | + ibmcloud logout >/dev/null 2>&1 + changed_when: false + failed_when: false \ No newline at end of file