Progress on no NSG future

- Added validation for cluster config cloud node. - Added warning for use_network_security_groups and using use_public_ips. - Added skip_config flag to skip Ansible step if want to skip infrastructure. - Cluster delete not experimental anymore.
hitachienergy · Mar 2, 2020 · 9c1053c · 9c1053c
1 parent 546f064
commit 9c1053c
Show file tree

Hide file tree

Showing 4 changed files with 102 additions and 16 deletions.
diff --git a/core/src/epicli/cli/engine/BuildEngine.py b/core/src/epicli/cli/engine/BuildEngine.py
@@ -18,6 +18,7 @@ class BuildEngine(Step):
     def __init__(self, input_data):
         self.file = input_data.file
         self.skip_infrastructure = input_data.no_infra if hasattr(input_data, 'no_infra') else False
+        self.skip_config = input_data.skip_config if hasattr(input_data, 'skip_config') else False
         self.logger = Log(__name__)
 
         self.cluster_model = None
@@ -115,8 +116,9 @@ def apply(self):
         save_manifest(docs, self.cluster_model.specification.name)   
 
         # Run Ansible to provision infrastructure
-        with AnsibleRunner(self.cluster_model, docs) as ansible_runner:
-            ansible_runner.apply()
+        if not(self.skip_config):
+            with AnsibleRunner(self.cluster_model, docs) as ansible_runner:
+                ansible_runner.apply()
 
         return 0
 

diff --git a/core/src/epicli/cli/engine/providers/azure/InfrastructureBuilder.py b/core/src/epicli/cli/engine/providers/azure/InfrastructureBuilder.py
@@ -20,6 +20,7 @@ def __init__(self, docs):
         self.resource_group_name = resource_name(self.cluster_prefix, self.cluster_name, 'rg')
         self.region = self.cluster_model.specification.cloud.region
         self.use_network_security_groups = self.cluster_model.specification.cloud.network.use_network_security_groups
+        self.use_public_ips = self.cluster_model.specification.cloud.use_public_ips
         self.docs = docs
 
     def run(self):
@@ -43,6 +44,11 @@ def run(self):
             # So get it here and pass it allong.
             vm_config = self.get_virtual_machine(component_value, self.cluster_model, self.docs)
 
+            # If there are no security groups Ansible provisioning will fail because 
+            # SSH is not allowed then with public IPs on Azure.
+            if not(self.use_network_security_groups) and self.use_public_ips:
+                 self.logger.warning('Use of security groups has been disabled and public IP are used. Ansible run will fail because SSH will not be allowed.')            
+
             # For now only one subnet per component.
             if (len(component_value.subnets) > 1):
                 self.logger.warning(f'On Azure only one subnet per component is supported for now. Taking first and ignoring others.')    

diff --git a/core/src/epicli/cli/epicli.py b/core/src/epicli/cli/epicli.py
@@ -123,7 +123,13 @@ def apply_parser(subparsers):
     sub_parser.add_argument('-f', '--file', dest='file', type=str,
                             help='File with infrastructure/configuration definitions to use.')
     sub_parser.add_argument('--no-infra', dest='no_infra', action="store_true",
-                            help='Skip infrastructure provisioning.')
+                            help='''Skip terraform infrastructure provisioning. 
+                            Use this when you already have infrastructure available and only want to run the 
+                            Ansible role provisioning.''')
+    sub_parser.add_argument('--skip-config', dest='skip_config', action="store_true",
+                            help='''Skip Ansible role provisioning.
+                            Use this when you need to create cloud infrastructure and apply manual changes before
+                            you want to run the Ansible role provisioning.''')                         
     sub_parser.add_argument('--offline-requirements', dest='offline_requirements', type=str,
                             help='Path to the folder with pre-prepared offline requirements.')    
     sub_parser.add_argument('--vault-password', dest='vault_password', type=str,
@@ -154,12 +160,11 @@ def run_validate(args):
 
 
 def delete_parser(subparsers):
-    sub_parser = subparsers.add_parser('delete', description='[Experimental]: Delete a cluster from build artifacts.')
+    sub_parser = subparsers.add_parser('delete', description='Delete a cluster from build artifacts.')
     sub_parser.add_argument('-b', '--build', dest='build_directory', type=str, required=True,
                             help='Absolute path to directory with build artifacts.')
 
     def run_delete(args):
-        experimental_query()
         if not query_yes_no('Do you really want to delete your cluster?'):
             return 0
         adjust_paths_from_build(args)

diff --git a/core/src/epicli/data/common/validation/epiphany-cluster.yml b/core/src/epicli/data/common/validation/epiphany-cluster.yml
@@ -1,4 +1,4 @@
-"$id": "#/epiphany-cluster/specification"
+"$id": "#/specification"
 title: "Cluster specification schema"
 description: "The main cluster specification"
 type: object
@@ -8,7 +8,7 @@ required:
   - components
 properties: 
   prefix: 
-    "$id": "#/epiphany-cluster/properties/prefix"
+    "$id": "#/properties/prefix"
     title: "Cluster prefix"
     description: "A prefix the can be prepended to the cluster name"
     examples: 
@@ -19,25 +19,98 @@ properties:
     type: string
     pattern: "^[a-z0-9]{2,8}$"
   name: 
-    "$id": "#/epiphany-cluster/properties/name"
+    "$id": "#/properties/name"
     title: "Cluster name"
     description: "The name of the cluster"
     examples: 
       - clustername01
     type: string
     pattern: "^[a-z0-9\\-]{3,20}$"
   admin_user: 
-    "$id": "#/epiphany-cluster/properties/admin_user"
+    "$id": "#/properties/admin_user"
     title: "The admin_user Schema"
     description: "Settings needed for the SSH connection to the cluster machines or VM's"
     type: object
-  cloud: 
-    "$id": "#/epiphany-cluster/properties/cloud"
-    title: "Cloud Schema"
-    description: "Settings specific to cloud providers (AWS, Azure)"
-    type: object  
+  cloud:
+    "$id": "#/properties/specification/properties/cloud"
+    type: object
+    title: The Cloud Schema
+    properties:
+      subscription_name:
+        "$id": "#/properties/specification/properties/cloud/properties/subscription_name"
+        type: string
+        title: The Subscription_name Schema
+        default: ''
+        examples:
+        - subsciptionname
+        pattern: "^(.*)$"
+      vnet_address_pool:
+        "$id": "#/properties/specification/properties/cloud/properties/vnet_address_pool"
+        type: string
+        title: The Vnet_address_pool Schema
+        default: ''
+        examples:
+        - 10.1.0.0/20
+        pattern: "^(.*)$"
+      use_public_ips:
+        "$id": "#/properties/specification/properties/cloud/properties/use_public_ips"
+        type: boolean
+        title: The Use_public_ips Schema
+        default: false
+        examples:
+        - false
+      use_service_principal:
+        "$id": "#/properties/specification/properties/cloud/properties/use_service_principal"
+        type: boolean
+        title: The Use_service_principal Schema
+        default: false
+        examples:
+        - false
+      region:
+        "$id": "#/properties/specification/properties/cloud/properties/region"
+        type: string
+        title: The Region Schema
+        default: ''
+        examples:
+        - eu-west-2
+        pattern: "^(.*)$"
+      credentials:
+        "$id": "#/properties/specification/properties/cloud/properties/credentials"
+        type: object
+        title: The Credentials Schema
+        required:
+        - key
+        - secret
+        properties:
+          key:
+            "$id": "#/properties/specification/properties/cloud/properties/credentials/properties/key"
+            type: string
+            title: The Key Schema
+            pattern: "^(.*)$"
+          secret:
+            "$id": "#/properties/specification/properties/cloud/properties/credentials/properties/secret"
+            type: string
+            title: The Secret Schema
+            pattern: "^(.*)$"
+      network:
+        "$id": "#/properties/specification/properties/cloud/properties/network"
+        type: object
+        title: The Network Schema
+        properties:
+          use_network_security_groups:
+            "$id": "#/properties/specification/properties/cloud/properties/network/properties/use_network_security_groups"
+            type: boolean
+            title: The Use_network_security_groups Schema
+            default: false
+            examples:
+            - true
   components: 
-    "$id": "#/epiphany-cluster/properties/components"
+    "$id": "#/properties/components"
     title: "Components schema"
     description: "Cluster component layout specification"
-    type: object
+    type: object
+
+
+
+
+