Added CHANGELOG for version 3.0.0

Co-authored-by: Jhonathan Aristizabal <[email protected]> Co-authored-by: Ramkumar Vengadakrishnan <[email protected]> feat: Added configure director and apply changes
pivotal · Dec 13, 2021 · 9635454 · 9635454
1 parent 4663120
commit 9635454
Show file tree

Hide file tree

Showing 4 changed files with 209 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,38 @@
 # Changelog
 
+## 3.0.0
+
+### Breaking changes
+
+- `GCP`: Added a new variable `location` on the variables which sets the location of the bucket `ops-manager`.
+
+- Updated the templates to use `terraform` version `1.0.11`.
+- Terraform providers updated and templates adjusted to remove deprecation warnings and errors.
+
+    |Provider| version|
+    |-|-|
+    | GCP | 4.1.0 |
+    | AWS | 3.65.0 |
+    | Azure | 2.85.0 |
+
+### Features
+- #70 : `GCP` Add NAT router configuration also for Ops Manager.
+- #64 : `Azure` fix subnet reserved ranges.
+- #63 : `All Providers` Inconsistent DNS A record entries for PKS API endpoints.
+- `All Providers` : All the version constraints for the providers were moved to the `version.tf` files.
+- `Azure`: Updated the `azurerm_subnet` resources to use the new `address_prefixes` property.
+- `Azure`: Fixed an interpolation warning on `azure/ops-manager-resource-groups.tf`.
+- `Azure` : Removed the property `enable_advanced_thread_protection` from the `azurerm_storage_account` resource, which was removed on the latest version of the provider.
+- `Azure` : Added resourcce `azurerm_advanced_thread_protection` which substitutes the use of the property `enable_advanced_thread_protection` on the `azurerm_storage_account` resources.
+- `Azure` : Added the property `allow_blob_public_access` with value `true` on the `azurerm_storage_account.bosh` resource, this should mimic previous behavior which was throwing errors after the provider upgrade.
+- `Azure` : Changed the value of the `role_definition_id` of the `azurerm_role_assignment` resources to use the `azurerm_role_definition.resource_name.resource` property instead of `azurerm_role_definition.pks-worker.id`, this fixes a problem introduced after upgrading the provider, caused by a change on the format on the property `id` for the `azurerm_role_definition`.
+- `Azure` : Removed the use of the propert `resource_group_name` on the `azurerm_lb_backend_address_pool` resources.
+- `Azure` : Updated the `azurerm_lb_probe` resources to use the property `backend_address_pool_ids` instead of the property `backend_address_pool_id`, this removes a deprecation warning.
+- `GCP`: Added propert `source_ranges` to firewall rules which didn't had it, this setting can be change using the `ingress_source_ranges` variable on the `terraform.tfvars` file.
+
+### Bug Fixes
+- Fixed an issue introduced by [fc36573](https://github.com/pivotal/paving/fc36573) which caused the terraform to fail on certain circumstances.
+
 ## 2.1.0
 
 ### Features

diff --git a/README.md b/README.md
@@ -7,7 +7,7 @@ The templates support AWS, vSphere, Azure, and GCP.
 
 ## Requirements
 
-- [Terraform v0.13+](https://www.terraform.io/downloads.html)
+- [Terraform v1.0.22](https://www.terraform.io/downloads.html)
 
 ## Usage
 

diff --git a/ci/pipelines/pipeline.yml b/ci/pipelines/pipeline.yml
@@ -4,6 +4,9 @@ groups:
   - paving-gcp
   - paving-aws
   - paving-azure
+- name: gcp-opsman
+  jobs:
+  - pave-gcp-opsman
 resources:
 - name: docs-platform-automation
   type: git
@@ -24,6 +27,29 @@ resources:
   source:
     uri: https://github.com/pivotal/paving
     branch: terraform-upgrade
+- name: rc-tasks-s3
+  type: s3
+  source:
+    access_key_id: ((s3.access_key_id))
+    bucket: ((s3.buckets.release_candidate))
+    regexp: platform-automation-tasks-(.*).zip
+    region_name: ((s3.region_name))
+    secret_access_key: ((s3.secret_access_key))
+- name: rc-image-s3
+  type: s3
+  source:
+    access_key_id: ((s3.access_key_id))
+    bucket: ((s3.buckets.release_candidate))
+    regexp: platform-automation-image-(.*).tgz
+    region_name: ((s3.region_name))
+    secret_access_key: ((s3.secret_access_key))
+- name: opsman-image
+  type: pivnet
+  source:
+    api_token: ((pivnet_token))
+    product_slug: ops-manager
+    product_version: 2\.[0-9]+\.[0-9]+$
+    sort_by: semver
 resource_types:
 - name: pivnet
   type: registry-image
@@ -35,7 +61,6 @@ resource_types:
   source:
     repository: cfcommunity/slack-notification-resource
     tag: latest
-
 jobs:
 - name: paving-gcp
   plan:
@@ -237,3 +262,151 @@ jobs:
       params:
         rebase: true
         repository: deployments
+- name: pave-gcp-opsman
+  plan:
+  - in_parallel:
+    - get: docs-platform-automation
+    - get: paving
+    - get: deployments
+    - get: platform-automation-tasks
+      resource: rc-tasks-s3
+      params:
+        unpack: true
+    - get: platform-automation-image
+      resource: rc-image-s3
+      params:
+        unpack: true
+    - get: opsman-image
+      trigger: true
+      params:
+        globs:
+        - '*gcp*.yml'
+  - task: leftovers
+    file: docs-platform-automation/ci/tasks/leftovers.yml
+    params:
+      BBL_IAAS: gcp
+      BBL_AWS_ACCESS_KEY_ID: ((s3.access_key_id))
+      BBL_AWS_SECRET_ACCESS_KEY: ((s3.secret_access_key))
+      BBL_AWS_REGION: "us-east-2"
+      BBL_AZURE_CLIENT_ID: ((azure.client_id))
+      BBL_AZURE_CLIENT_SECRET: ((azure.client_secret))
+      BBL_AZURE_TENANT_ID: ((azure.tenant_id))
+      BBL_AZURE_SUBSCRIPTION_ID: ((azure.subscription_id))
+      BBL_GCP_SERVICE_ACCOUNT_KEY: ((gcp.service_account))
+      BBL_NSXT_PASSWORD: ((nsx.password))
+      BBL_NSXT_USERNAME: ((nsx.username))
+      BBL_NSXT_MANAGER_HOST: ((nsx.url))
+      FILTER: ci-paving-gcp-om
+      DRY_RUN: false
+      NO_CONFIRM: true
+  - task: remove-state-files-gcp
+    file: docs-platform-automation/ci/tasks/delete-state-file.yml
+    params:
+      DEPLOYMENT: ci-paving-gcp-om
+      PLATFORM_AUTOMATION_EMAIL: ((platform-automation-email))
+    ensure:
+      put: deployments
+      params:
+        rebase: true
+        repository: deployments
+  - task: terraform-gcp
+    attempts: 2
+    file: docs-platform-automation/ci/tasks/create-infrastructure/task.yml
+    params:
+      IAAS: gcp
+      DEPLOYMENT_NAME: ci-paving-gcp-om
+      OM_PASSWORD: ((opsman-login.password))
+      OM_USERNAME: ((opsman-login.username))
+      PLATFORM_AUTOMATION_EMAIL: ((platform-automation-email))
+    ensure:
+      put: deployments
+      params:
+        rebase: true
+        repository: deployments
+  - task: prepare-tasks-with-secrets
+    file: docs-platform-automation/tasks/prepare-tasks-with-secrets.yml
+    image: platform-automation-image
+    input_mapping:
+      config: paving
+      tasks: platform-automation-tasks
+      vars: deployments
+    output_mapping:
+      tasks: platform-automation-tasks
+    params:
+      CONFIG_PATHS: config/ci/configuration/gcp/director.yml config/ci/configuration/auth.yml
+      VARS_PATHS: vars/ci-paving-gcp-om/terraform-vars.yml
+  - task: create-vm
+    file: platform-automation-tasks/tasks/create-vm.yml
+    input_mapping:
+      image: opsman-image
+      state: deployments
+      config: paving
+      vars: deployments
+    params:
+      STATE_FILE: ci-paving-gcp-om/state.yml
+      OPSMAN_CONFIG_FILE: ci/configuration/gcp/ops-manager.yml
+      VARS_FILES: vars/ci-paving-gcp-om/terraform-vars.yml
+    image: platform-automation-image
+    ensure:
+      do:
+      - task: state-file
+        file: platform-automation-tasks/tasks/make-git-commit.yml
+        params:
+          GIT_AUTHOR_NAME: platform-automation-bot
+          GIT_AUTHOR_EMAIL: ((platform-automation-email))
+          COMMIT_MESSAGE: "create-vm update state file for ci-paving-gcp-om"
+          FILE_SOURCE_PATH: state.yml
+          FILE_DESTINATION_PATH: ci-paving-gcp-om/state.yml
+        input_mapping:
+          repository: deployments
+          file-source: generated-state
+        image: platform-automation-image
+      - put: deployments
+        params:
+          rebase: true
+          repository: repository-commit
+  - task: configure-authentication
+    file: platform-automation-tasks/tasks/configure-authentication.yml
+    image: platform-automation-image
+    attempts: 20
+    input_mapping:
+      env: deployments
+      config: paving
+    params:
+      ENV_FILE: ci-paving-gcp-om/env.yml
+      AUTH_CONFIG_FILE: ci/configuration/auth.yml
+      VARS_FILES: env/ci-paving-gcp-om/terraform-vars.yml
+
+  - task: configure-director
+    file: platform-automation-tasks/tasks/configure-director.yml
+    image: platform-automation-image
+    input_mapping:
+      env: deployments
+      config: paving
+    params:
+      ENV_FILE: ci-paving-gcp-om/env.yml
+      VARS_FILES: env/ci-paving-gcp-om/terraform-vars.yml
+      DIRECTOR_CONFIG_FILE: ci/configuration/gcp/director.yml
+
+  - task: apply-director-changes
+    file: platform-automation-tasks/tasks/apply-director-changes.yml
+    image: platform-automation-image
+    input_mapping:
+      env: deployments
+    params:
+      ENV_FILE: ci-paving-gcp-om/env.yml
+
+  - task: destroy-gcp
+    attempts: 2
+    file: docs-platform-automation/ci/tasks/delete-infrastructure/task.yml
+    params:
+      IAAS: gcp
+      DEPLOYMENT_NAME: ci-paving-gcp
+      OM_PASSWORD: ((opsman-login.password))
+      OM_USERNAME: ((opsman-login.username))
+      PLATFORM_AUTOMATION_EMAIL: ((platform-automation-email))
+    ensure:
+      put: deployments
+      params:
+        rebase: true
+        repository: deployments
diff --git a/gcp/variables.tf b/gcp/variables.tf
@@ -32,6 +32,7 @@ variable "ssl_private_key" {
 }
 
 variable "location" {
+  default = "US"
   description = "The location to store the bucket data"
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -32,6 +32,7 @@ variable "ssl_private_key" { @@
     }
     variable "location" {
+      default = "US"
       description = "The location to store the bucket data"
     }
@@ Expand Down @@