VMware Tanzu Operations Manager and multiple products

In this topic you will find a reference pipeline that illustrates the tasks and provides an example of a basic pipeline design. You know your environment and constraints. VMware recommends that you look at the tasks that make up the pipeline, and see how they can be arranged for your specific automation needs. For a deeper dive into each task, see the Task Reference.

These Concourse pipelines are examples of how to use the tasks. If you use a different CI/CD platform, you can use these Concourse files as examples of the inputs, outputs, and arguments used in each step in the workflow.

Prerequisites

  • Deployed Concourse

    Note Platform Automation Toolkit is based on Concourse CI. We recommend that you have some familiarity with Concourse before getting started. If you are new to Concourse, Concourse CI Tutorials is a good place to start.

  • Persisted datastore that can be accessed by Concourse resource (for example, s3, gcs, minio)

  • A valid Env file: this file will contain credentials necessary to login to Tanzu Operations Manager using the om CLI. It is used by every task within Platform Automation Toolkit

  • A valid Auth file: this file will contain the credentials necessary to create the Tanzu Operations Manager login the first time the VM is created. The choices for this file are:

    • simple authentication
    • saml authentication

    Note There will be some crossover between the auth file and the env file due to how om is set up and how the system works. It is highly recommended to parameterize these values, and let a credential management system (such as CredHub) fill in these values for you to maintain consistency across files.

  • An opsman-configuration file: This file is required to connect to an IAAS, and to control the lifecycle management of the Tanzu Operations Manager VM.

  • A director-configuration file: Each Tanzu Operations Manager needs its own configuration, but it is retrieved differently than a product configuration. This config is used to deploy a new Tanzu Operations Manager director, or to update an existing one.

  • A set of valid product-configuration files: Each product configuration is a YAML file that contains the properties necessary to configure a Tanzu Operations Manager product using the om tool. This can be used during install or update.

  • (Optional) A working CredHub setup with its own UAA client and secret.

    Note Ensure that products have been procured from the Broadcom Support portal using the information in Retrieving external dependencies.

Installing VMware Tanzu Operations Manager and multiple products

The pipeline shows how to compose the tasks to install Tanzu Operations Manager and the Tanzu Application Service and Healthwatch products. Its dependencies are coming from a trusted git repository, which can be retrieved as shown in Retrieving external dependencies.

Full pipeline and reference configurations

The docs-platform-automation-reference-pipeline-config git repository contains the full pipeline file, along with other pipeline and configuration examples.

This can be useful when you want to take a fully assembled pipeline as a starting point. The rest of this document covers the sections of the full pipeline in more detail.

Pipeline components

S3 resources

These can be uploaded manually or from the reference resources pipeline.

resources:
- name: platform-automation-tasks
  type: s3
  source:
    access_key_id: ((s3_access_key_id))
    secret_access_key: ((s3_secret_access_key))
    region_name: ((s3_region_name))
    bucket: ((s3_pivnet_products_bucket))
    regexp: .*tasks-(.*).zip

- name: platform-automation-image
  type: s3
  source:
    access_key_id: ((s3_access_key_id))
    secret_access_key: ((s3_secret_access_key))
    region_name: ((s3_region_name))
    bucket: ((s3_pivnet_products_bucket))
    regexp: .*image-(.*).tgz

- name: telemetry-collector-binary
  type: s3
  source:
    access_key_id: ((s3_access_key_id))
    secret_access_key: ((s3_secret_access_key))
    region_name: ((s3_region_name))
    bucket: ((s3_pivnet_products_bucket))
    regexp: .*telemetry-(.*).tgz

Important If you are retrieving pas-windows and pas-windows-stemcell from an S3 bucket, you must use the built-in S3 Concourse resource. This is shown in the previous example. The download-product task with SOURCE: s3 does not persist meta information about necessary stemcell for pas-windows because VMware does not distribute the Windows file system.

Alternatively, products may be downloaded using the download-product task with the param SOURCE set to s3|azure|gcs. In a job, specify the following task:

...
- task: download-pas
  image: platform-automation-image
  file: platform-automation-tasks/tasks/download-product.yml
  params:
    CONFIG_FILE: download-product-configs/pas.yml
    SOURCE: s3
  input_mapping:
    config: interpolated-creds
  output_mapping:
    downloaded-product: pas-product
    downloaded-stemcell: pas-stemcell
...

Exported installation resource

Important VMware recommends persisting the zip file exported from export-installation to an external file store (for example, S3) on a regular basis. The exported installation can restore the Tanzu Operations Manager to a working state if it is not working.

- name: installation
  type: s3
  source:
    access_key_id: ((s3_access_key_id))
    secret_access_key: ((s3_secret_access_key))
    region_name: ((s3_region_name))
    bucket: ((s3_installation_bucket))
    regexp: ((foundation))-installation-(.*).zip

Configured resources

These configured resources contain values for Tanzu Operations Manager VM creation, director, product, foundation-specific vars, auth, and env files. For more details, see the Inputs and outputs section. Platform Automation Toolkit will not create these resources for you.


# VM state and foundation configuration
- name: state
  type: s3
  source:
    access_key_id: ((s3_access_key_id))
    bucket: ((s3_foundation_state_bucket))
    region_name: ((s3_region_name))
    secret_access_key: ((s3_secret_access_key))
    versioned_file: state-((foundation)).yml
    initial_content_text: '{}'
    initial_version: 'empty-start'

# configurations
- name: configuration
  type: git
  source:
    private_key: ((docs-ref-pipeline-repo-key.private_key))
    uri: ((docs-ref-pipeline-repo-uri))
    branch: develop

Trigger resources

# triggers used to have jobs do something in a timely manner
- name: one-time-trigger
  type: time
  source:
    interval: 999999h

- name: daily-trigger
  type: time
  source:
    interval: 24h

Secrets handling

This secrets handling example helps load secrets stored in an external credential manager such as CredHub. Concourse support several credential managers natively.

The configuration below uses the prepare-tasks-with-secrets task to load secrets from your external configuration files.


# This task is used in multiple jobs
# The YAML anchor "*prepare-tasks-with-secrets" is used in its place
prepare-tasks-with-secrets: &prepare-tasks-with-secrets
  image: platform-automation-image
  file: platform-automation-tasks/tasks/prepare-tasks-with-secrets.yml
  input_mapping:
    tasks: platform-automation-tasks
    config: configuration
    vars: configuration
  params:
    CONFIG_PATHS: config/foundations/config config/foundations/((foundation))/config
    VARS_PATHS: vars/foundations/((foundation))/vars
  output_mapping:
    tasks: platform-automation-tasks

Jobs

Each job corresponds to a box on the visual representation of your Concourse pipeline. These jobs consume resources defined above.

jobs:
- name: test-platform-automation
  serial: true
  plan:
    - in_parallel:
      - get: platform-automation-image
        params:
          unpack: true
      - get: platform-automation-tasks
        params:
          unpack: true
      - get: configuration
    - task: test-interpolate
      image: platform-automation-image
      file: platform-automation-tasks/tasks/test-interpolate.yml
      params:
        CONFIG_FILE: foundations/((foundation))/config/download-tas.yml
        SKIP_MISSING: true
      input_mapping:
        config: configuration
    - task: test
      file: platform-automation-tasks/tasks/test.yml
      image: platform-automation-image

- name: install-opsman
  serial: true
  serial_groups: [ install ]
  plan:
  - in_parallel:
    - get: platform-automation-image
      params:
        unpack: true
    - get: one-time-trigger
      trigger: true
    - get: platform-automation-tasks
      params:
        unpack: true
    - get: configuration
    - get: state
  - task: prepare-tasks-with-secrets
    <<: *prepare-tasks-with-secrets
  - task: prepare-image
    <<: *prepare-image
  - task: download-opsman-image
    image: platform-automation-image
    file: platform-automation-tasks/tasks/download-product.yml
    input_mapping:
      config: configuration
      vars: configuration
    params:
      CONFIG_FILE: foundations/((foundation))/config/download-opsman.yml
      VARS_FILES: vars/foundations/((foundation))/vars/versions.yml
      SOURCE: s3
    output_mapping:
      downloaded-product: opsman-image
  - task: create-vm
    image: platform-automation-image
    file: platform-automation-tasks/tasks/create-vm.yml
    input_mapping:
      image: opsman-image
      config: configuration
      vars: configuration
    params:
      OPSMAN_CONFIG_FILE: foundations/((foundation))/config/opsman.yml
      STATE_FILE: state-((foundation)).yml
      VARS_FILES: vars/foundations/((foundation))/vars/director.yml
    ensure: &put-state
      do:
      - put: state
        params:
          file: generated-state/state-((foundation)).yml
  - task: configure-authentication
    image: platform-automation-image
    file: platform-automation-tasks/tasks/configure-authentication.yml
    attempts: 10
    input_mapping:
      env: configuration
      config: configuration
    params:
      ENV_FILE: foundations/config/env.yml
      AUTH_CONFIG_FILE: foundations/config/auth.yml
  - task: configure-opsman
    image: platform-automation-image
    file: platform-automation-tasks/tasks/configure-opsman.yml
    input_mapping:
      env: configuration
      config: configuration
      vars: configuration
    params:
      ENV_FILE: foundations/config/env.yml
      OPSMAN_CONFIG_FILE: foundations/((foundation))/config/opsman.yml
      VARS_FILES: vars/foundations/((foundation))/vars/director.yml
  - task: configure-director
    image: platform-automation-image
    file: platform-automation-tasks/tasks/configure-director.yml
    input_mapping:
      config: configuration
      env: configuration
      vars: configuration
    params:
      ENV_FILE: foundations/config/env.yml
      DIRECTOR_CONFIG_FILE: foundations/((foundation))/config/director.yml
      VARS_FILES: |
        vars/foundations/((foundation))/vars/director.yml
        vars/foundations/((foundation))/vars/tas.yml
        vars/foundations/((foundation))/vars/pks.yml 
  - task: apply-director-changes
    image: platform-automation-image
    attempts: 3
    file: platform-automation-tasks/tasks/apply-director-changes.yml
    input_mapping:
      env: configuration
    params:
      ENV_FILE: foundations/config/env.yml
  - task: export-installation
    image: platform-automation-image
    file: platform-automation-tasks/tasks/export-installation.yml
    input_mapping:
      env: configuration
    params:
      INSTALLATION_FILE: ((foundation))-installation-$timestamp.zip
      ENV_FILE: foundations/config/env.yml
  - put: installation
    params:
      file: installation/((foundation))-installation*.zip

- name: export-installation
  serial_groups: [ install ]
  serial: true
  plan:
  - in_parallel:
    - get: state
      passed: [ install-opsman ]
    - get: daily-trigger
      trigger: true
    - get: platform-automation-image
      params:
        unpack: true
    - get: platform-automation-tasks
      params:
        unpack: true
    - get: configuration
  - task: prepare-tasks-with-secrets
    <<: *prepare-tasks-with-secrets
  - task: prepare-image
    <<: *prepare-image
  - task: revert-staged-changes
    image: platform-automation-image
    file: platform-automation-tasks/tasks/revert-staged-changes.yml
    input_mapping:
      env: configuration
    params:
      ENV_FILE: foundations/config/env.yml
  - task: export-installation
    image: platform-automation-image
    file: platform-automation-tasks/tasks/export-installation.yml
    input_mapping:
      env: configuration
    params:
      ENV_FILE: foundations/config/env.yml
      INSTALLATION_FILE: ((foundation))-installation-$timestamp.zip
  - put: installation
    params:
      file: installation/((foundation))-installation*.zip

- name: upgrade-opsman
  serial: true
  serial_groups: [ install ]
  plan:
  - in_parallel:
    - get: platform-automation-image
      params:
        unpack: true
      trigger: true
    - get: platform-automation-tasks
      params:
        unpack: true
    - get: installation
      passed: [ export-installation ]
    - get: configuration
    - get: state
  - task: prepare-tasks-with-secrets
    <<: *prepare-tasks-with-secrets
  - task: prepare-image
    <<: *prepare-image
  - task: download-opsman-image
    image: platform-automation-image
    file: platform-automation-tasks/tasks/download-product.yml
    input_mapping:
      config: configuration
      vars: configuration
    params:
      CONFIG_FILE: foundations/((foundation))/config/download-opsman.yml
      VARS_FILES: vars/foundations/((foundation))/vars/versions.yml
      SOURCE: s3
    output_mapping:
      downloaded-product: opsman-image
  - task: upgrade-opsman
    image: platform-automation-image
    file: platform-automation-tasks/tasks/upgrade-opsman.yml
    input_mapping:
      image: opsman-image
      config: configuration
      env: configuration
      vars: configuration
    params:
      ENV_FILE: foundations/config/env.yml
      OPSMAN_CONFIG_FILE: foundations/((foundation))/config/opsman.yml
      STATE_FILE: state-((foundation)).yml
      INSTALLATION_FILE: ((foundation))-installation*.zip
      VARS_FILES: vars/foundations/((foundation))/vars/director.yml
    ensure: *put-state
  - task: configure-director
    image: platform-automation-image
    file: platform-automation-tasks/tasks/configure-director.yml
    input_mapping:
      config: configuration
      env: configuration
      vars: configuration
    params:
      ENV_FILE: foundations/config/env.yml
      DIRECTOR_CONFIG_FILE: foundations/((foundation))/config/director.yml
      VARS_FILES: |
        vars/foundations/((foundation))/vars/director.yml
        vars/foundations/((foundation))/vars/tas.yml
        vars/foundations/((foundation))/vars/pks.yml 
  - task: apply-director-changes
    image: platform-automation-image
    file: platform-automation-tasks/tasks/apply-director-changes.yml
    attempts: 3
    input_mapping:
      env: configuration
    params:
      ENV_FILE: foundations/config/env.yml
  - task: export-installation
    image: platform-automation-image
    file: platform-automation-tasks/tasks/export-installation.yml
    input_mapping:
      env: configuration
    params:
      ENV_FILE: foundations/config/env.yml
      INSTALLATION_FILE: ((foundation))-installation-$timestamp.zip
  - put: installation
    params:
      file: installation/((foundation))-installation*.zip

- name: download-upload-and-stage-pks
  serial: true
  serial_groups: [ products ]
  plan:
  - in_parallel:
    - get: platform-automation-image
      params:
        unpack: true
      trigger: true
      passed: [ "upgrade-opsman" ]
    - get: platform-automation-tasks
      params:
        unpack: true
    - get: configuration
  - task: prepare-tasks-with-secrets
    <<: *prepare-tasks-with-secrets
  - task: prepare-image
    <<: *prepare-image
  - task: download-pks
    image: platform-automation-image
    file: platform-automation-tasks/tasks/download-product.yml
    input_mapping:
      config: configuration
      vars: configuration
    params:
      CONFIG_FILE: foundations/((foundation))/config/download-pks.yml
      VARS_FILES: vars/foundations/((foundation))/vars/versions.yml
      SOURCE: s3
    output_mapping:
      downloaded-product: pks-product
      downloaded-stemcell: pks-stemcell
  - task: upload-and-stage-pks
    image: platform-automation-image
    file: platform-automation-tasks/tasks/upload-and-stage-product.yml
    input_mapping:
      product: pks-product
      env: configuration
    params:
      ENV_FILE: foundations/config/env.yml
  - task: upload-pks-stemcell
    image: platform-automation-image
    file: platform-automation-tasks/tasks/upload-stemcell.yml
    input_mapping:
      env: configuration
      stemcell: pks-stemcell
    params:
      ENV_FILE: foundations/config/env.yml

- name: download-upload-and-stage-tas
  serial: true
  serial_groups: [ products ]
  plan:
  - in_parallel:
    - get: platform-automation-image
      params:
        unpack: true
      trigger: true
      passed: [ "upgrade-opsman" ]
    - get: platform-automation-tasks
      params:
        unpack: true
    - get: configuration
  - task: prepare-tasks-with-secrets
    <<: *prepare-tasks-with-secrets
  - task: prepare-image
    <<: *prepare-image
  - task: download-tas
    image: platform-automation-image
    file: platform-automation-tasks/tasks/download-product.yml
    input_mapping:
      config: configuration
      vars: configuration
    params:
      CONFIG_FILE: foundations/((foundation))/config/download-tas.yml
      VARS_FILES: vars/foundations/((foundation))/vars/versions.yml
      SOURCE: s3
    output_mapping:
      downloaded-product: tas-product
      downloaded-stemcell: tas-stemcell
  - task: upload-tas-product
    image: platform-automation-image
    file: platform-automation-tasks/tasks/upload-product.yml
    input_mapping:
      product: tas-product
      env: configuration
    params:
      ENV_FILE: foundations/config/env.yml
  - task: upload-tas-stemcell
    image: platform-automation-image
    file: platform-automation-tasks/tasks/upload-stemcell.yml
    input_mapping:
      env: configuration
      stemcell: tas-stemcell
    params:
      ENV_FILE: foundations/config/env.yml
  - task: upload-and-stage-tas
    image: platform-automation-image
    file: platform-automation-tasks/tasks/stage-product.yml
    input_mapping:
      product: tas-product
      env: configuration
    params:
      ENV_FILE: foundations/config/env.yml
- name: download-upload-and-stage-healthwatch
  serial: true
  serial_groups: [ products ]
  plan:
    - in_parallel:
        - get: platform-automation-image
          params:
            unpack: true
          trigger: true
          passed: [ "upgrade-opsman" ]
        - get: platform-automation-tasks
          params:
            unpack: true
        - get: configuration
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: download-healthwatch
      image: platform-automation-image
      file: platform-automation-tasks/tasks/download-product.yml
      input_mapping:
        config: configuration
        vars: configuration
      params:
        CONFIG_FILE: foundations/((foundation))/config/download-healthwatch.yml
        VARS_FILES: vars/foundations/((foundation))/vars/versions.yml
        SOURCE: s3
      output_mapping:
        downloaded-product: healthwatch-product
        downloaded-stemcell: healthwatch-stemcell
    - task: upload-and-stage-healthwatch
      image: platform-automation-image
      file: platform-automation-tasks/tasks/upload-and-stage-product.yml
      input_mapping:
        product: healthwatch-product
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml
    - task: upload-healthwatch-stemcell
      image: platform-automation-image
      file: platform-automation-tasks/tasks/upload-stemcell.yml
      input_mapping:
        env: configuration
        stemcell: healthwatch-stemcell
      params:
        ENV_FILE: foundations/config/env.yml

- name: download-upload-and-stage-healthwatch-pas-exporter
  serial: true
  serial_groups: [ products ]
  plan:
    - in_parallel:
        - get: platform-automation-image
          params:
            unpack: true
          trigger: true
          passed: [ "upgrade-opsman" ]
        - get: platform-automation-tasks
          params:
            unpack: true
        - get: configuration
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: download-healthwatch
      image: platform-automation-image
      file: platform-automation-tasks/tasks/download-product.yml
      input_mapping:
        config: configuration
        vars: configuration
      params:
        CONFIG_FILE: foundations/((foundation))/config/download-healthwatch-pas-exporter.yml
        VARS_FILES: vars/foundations/((foundation))/vars/versions.yml
        SOURCE: s3
      output_mapping:
        downloaded-product: healthwatch-pas-exporter
    - task: upload-and-stage-healthwatch-pas-exporter
      image: platform-automation-image
      file: platform-automation-tasks/tasks/upload-and-stage-product.yml
      input_mapping:
        product: healthwatch-pas-exporter
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml

- name: download-upload-and-stage-healthwatch-pks-exporter
  serial: true
  serial_groups: [ products ]
  plan:
    - in_parallel:
        - get: platform-automation-image
          params:
            unpack: true
          trigger: true
          passed: [ "upgrade-opsman" ]
        - get: platform-automation-tasks
          params:
            unpack: true
        - get: configuration
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: download-healthwatch
      image: platform-automation-image
      file: platform-automation-tasks/tasks/download-product.yml
      input_mapping:
        config: configuration
        vars: configuration
      params:
        CONFIG_FILE: foundations/((foundation))/config/download-healthwatch-pks-exporter.yml
        VARS_FILES: vars/foundations/((foundation))/vars/versions.yml
        SOURCE: s3
      output_mapping:
        downloaded-product: healthwatch-pks-exporter
    - task: upload-and-stage-healthwatch-pks-exporter
      image: platform-automation-image
      file: platform-automation-tasks/tasks/upload-and-stage-product.yml
      input_mapping:
        product: healthwatch-pks-exporter
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml

- name: configure-pks
  serial: true
  serial_groups: [ install ]
  plan:
  - in_parallel:
    - get: platform-automation-image
      params:
        unpack: true
      passed:
      - download-upload-and-stage-pks
      trigger: true
    - get: platform-automation-tasks
      params:
        unpack: true
    - get: configuration
  - task: prepare-tasks-with-secrets
    <<: *prepare-tasks-with-secrets
  - task: prepare-image
    <<: *prepare-image
  - task: configure-pks
    image: platform-automation-image
    file: platform-automation-tasks/tasks/configure-product.yml
    input_mapping:
      config: configuration
      env: configuration
      vars: configuration
    params:
      CONFIG_FILE: foundations/((foundation))/config/pks.yml
      ENV_FILE: foundations/config/env.yml
      VARS_FILES: |
        vars/foundations/((foundation))/vars/director.yml
        vars/foundations/((foundation))/vars/pks.yml

- name: configure-tas
  serial: true
  serial_groups: [ install ]
  plan:
    - in_parallel:
      - get: platform-automation-image
        params:
          unpack: true
        passed:
          - download-upload-and-stage-tas
        trigger: true
      - get: platform-automation-tasks
        params:
          unpack: true
      - get: configuration
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: configure-tas
      image: platform-automation-image
      file: platform-automation-tasks/tasks/configure-product.yml
      input_mapping:
        config: configuration
        env: configuration
        vars: configuration
      params:
        CONFIG_FILE: foundations/((foundation))/config/tas.yml
        ENV_FILE: foundations/config/env.yml
        VARS_FILES: |
          vars/foundations/((foundation))/vars/tas.yml
          vars/foundations/((foundation))/vars/director.yml

- name: configure-healthwatch
  serial: true
  serial_groups: [ install ]
  plan:
    - in_parallel:
      - get: platform-automation-image
        params:
          unpack: true
        passed:
          - download-upload-and-stage-healthwatch
        trigger: true
      - get: platform-automation-tasks
        params:
          unpack: true
      - get: configuration
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: configure-healthwatch
      image: platform-automation-image
      file: platform-automation-tasks/tasks/configure-product.yml
      input_mapping:
        config: configuration
        env: configuration
        vars: configuration
      params:
        CONFIG_FILE: foundations/((foundation))/config/healthwatch.yml
        ENV_FILE: foundations/config/env.yml
        VARS_FILES: |
          vars/foundations/((foundation))/vars/director.yml

- name: configure-healthwatch-pas-exporter
  serial: true
  serial_groups: [ install ]
  plan:
    - in_parallel:
      - get: platform-automation-image
        params:
          unpack: true
        passed:
          - download-upload-and-stage-healthwatch-pas-exporter
        trigger: true
      - get: platform-automation-tasks
        params:
          unpack: true
      - get: configuration
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: configure-healthwatch
      image: platform-automation-image
      file: platform-automation-tasks/tasks/configure-product.yml
      input_mapping:
        config: configuration
        env: configuration
        vars: configuration
      params:
        CONFIG_FILE: foundations/((foundation))/config/healthwatch-pas-exporter.yml
        ENV_FILE: foundations/config/env.yml
        VARS_FILES: |
          vars/foundations/((foundation))/vars/director.yml

- name: configure-healthwatch-pks-exporter
  serial: true
  serial_groups: [ install ]
  plan:
    - in_parallel:
      - get: platform-automation-image
        params:
          unpack: true
        passed:
          - download-upload-and-stage-healthwatch-pks-exporter
        trigger: true
      - get: platform-automation-tasks
        params:
          unpack: true
      - get: configuration
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: configure-healthwatch
      image: platform-automation-image
      file: platform-automation-tasks/tasks/configure-product.yml
      input_mapping:
        config: configuration
        env: configuration
        vars: configuration
      params:
        CONFIG_FILE: foundations/((foundation))/config/healthwatch-pks-exporter.yml
        ENV_FILE: foundations/config/env.yml
        VARS_FILES: |
          vars/foundations/((foundation))/vars/director.yml

- name: apply-product-changes
  serial: true
  serial_groups: [ install ]
  plan:
  - in_parallel:
    - get: platform-automation-image
      params:
        unpack: true
      passed:
      - configure-pks
      - configure-tas
      - configure-healthwatch
      - configure-healthwatch-pas-exporter
      - configure-healthwatch-pks-exporter
      trigger: true
    - get: platform-automation-tasks
      params:
        unpack: true
    - get: configuration
  - task: prepare-tasks-with-secrets
    <<: *prepare-tasks-with-secrets
  - task: prepare-image
    <<: *prepare-image
  - task: pre-deploy-check
    image: platform-automation-image
    file: platform-automation-tasks/tasks/pre-deploy-check.yml
    input_mapping:
      env: configuration
    params:
      ENV_FILE: foundations/config/env.yml
  - task: apply-product-changes
    attempts: 3
    image: platform-automation-image
    file: platform-automation-tasks/tasks/apply-changes.yml
    input_mapping:
      env: configuration
    params:
      ENV_FILE: foundations/config/env.yml
  - task: check-pending-changes
    image: platform-automation-image
    file: platform-automation-tasks/tasks/check-pending-changes.yml
    input_mapping:
      env: configuration
    params:
      ENV_FILE: foundations/config/env.yml
      ALLOW_PENDING_CHANGES: true
  - task: export-installation
    image: platform-automation-image
    file: platform-automation-tasks/tasks/export-installation.yml
    input_mapping:
      env: configuration
    params:
      ENV_FILE: foundations/config/env.yml
      INSTALLATION_FILE: ((foundation))-installation-$timestamp.zip
  - put: installation
    params:
      file: installation/((foundation))-installation*.zip
- name: run-tas-smoketest-errand
  serial: true
  plan:
  - in_parallel:
    - get: platform-automation-image
      params:
        unpack: true
      passed:
      - configure-pks
      - configure-tas
      - configure-healthwatch
      trigger: true
    - get: platform-automation-tasks
      params:
        unpack: true
    - get: configuration
  - task: prepare-tasks-with-secrets
    <<: *prepare-tasks-with-secrets
  - task: prepare-image
    <<: *prepare-image
  - task: run-bosh-errand
    image: platform-automation-image
    file: platform-automation-tasks/tasks/run-bosh-errand.yml
    input_mapping:
      env: configuration
    params:
      PRODUCT_NAME: cf
      ERRAND_NAME: smoke_tests
      ENV_FILE: foundations/config/env.yml
      OPSMAN_SSH_PRIVATE_KEY: ((ops_manager_ssh_private_key))
- name: collect-telemetry
  serial: true
  serial_groups: [ install ]
  plan:
  - in_parallel:
    - get: telemetry-collector-binary
      params:
        unpack: true
    - get: platform-automation-image
      params:
        unpack: true
      passed:
      - apply-product-changes
      trigger: true
    - get: platform-automation-tasks
      params:
        unpack: true
    - get: configuration
  - task: prepare-tasks-with-secrets
    <<: *prepare-tasks-with-secrets
  - task: prepare-image
    <<: *prepare-image
  - task: collect-telemetry-data
    image: platform-automation-image
    file: platform-automation-tasks/tasks/collect-telemetry.yml
    input_mapping:
      env: configuration
      config: configuration
    params:
      CONFIG_FILE: foundations/((foundation))/config/telemetry.yml
      ENV_FILE: foundations/config/env.yml
  - task: send-telemetry-data
    attempts: 3
    image: platform-automation-image
    file: platform-automation-tasks/tasks/send-telemetry.yml
    params:
      API_KEY: no-op-test-key
      DATA_FILE_PATH: collected-telemetry-data/FoundationDetails*.tar
- name: expiring-certificates
  serial: true
  serial_groups: [ install ]
  plan:
    - in_parallel:
      - get: daily-trigger
        trigger: true
      - get: platform-automation-image
        params:
          unpack: true
      - get: platform-automation-tasks
        params:
          unpack: true
      - get: configuration
      - get: state
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: expiring-certificates
      image: platform-automation-image
      file: platform-automation-tasks/tasks/expiring-certificates.yml
      input_mapping:
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml
        EXPIRES_WITHIN: 2m
- name: stage-configure-apply-telemetry
  serial_groups: [install]
  plan:
    - in_parallel:
      - get: platform-automation-image
        params:
          unpack: true
        passed:
          - apply-product-changes
        trigger: true
      - get: platform-automation-tasks
        params:
          unpack: true
      - get: configuration
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: prepare-image
      <<: *prepare-image
    - task: stage-configure-apply
      image: platform-automation-image
      file: platform-automation-tasks/tasks/stage-configure-apply.yml
      attempts: 3
      params:
        CONFIG_FILE: foundations/((foundation))/config/p-telemetry.yml
        STAGE_PRODUCT_CONFIG_FILE: foundations/((foundation))/config/p-telemetry.yml
        ENV_FILE: foundations/config/env.yml
        VARS_FILES: |
          vars/foundations/((foundation))/vars/director.yml
      input_mapping:
        env: configuration
        config: configuration
        vars: configuration
- name: delete-installation
  serial: true
  serial_groups: [install]
  plan:
    - in_parallel:
      - get: platform-automation-image
        params:
          unpack: true
      - get: platform-automation-tasks
        params:
          unpack: true
      - get: configuration
      - get: state
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: delete-installation
      image: platform-automation-image
      file: platform-automation-tasks/tasks/delete-installation.yml
      input_mapping:
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml
    - task: delete-vm
      image: platform-automation-image
      file: platform-automation-tasks/tasks/delete-vm.yml
      input_mapping:
        config: configuration
      params:
        OPSMAN_CONFIG_FILE: foundations/((foundation))/config/opsman.yml
        STATE_FILE: state-((foundation)).yml
      ensure:
        do:
        - put: state
          params:
            file: generated-state/state-((foundation)).yml
- name: create-root-ca
  plan:
    - in_parallel:
        - get: platform-automation-image
          params:
            unpack: true
        - get: platform-automation-tasks
          params:
            unpack: true
        - get: configuration
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: create-root-ca
      image: platform-automation-image
      file: platform-automation-tasks/tasks/configure-new-certificate-authority.yml
      input_mapping:
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml

- name: apply-new-ca
  serial: true
  plan:
    - in_parallel:
        - get: platform-automation-image
          params:
            unpack: true
          passed:
            - create-root-ca
        - get: platform-automation-tasks
          params:
            unpack: true
        - get: configuration
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: pre-deploy-check
      image: platform-automation-image
      file: platform-automation-tasks/tasks/pre-deploy-check.yml
      input_mapping:
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml
    - task: apply-product-changes
      attempts: 3
      image: platform-automation-image
      file: platform-automation-tasks/tasks/apply-changes.yml
      input_mapping:
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml
        SELECTIVE_DEPLOY_PRODUCTS: "cf,p-bosh,p-healthwatch2,p-healthwatch2-pas-exporter,pivotal-telemetry-om"

- name: activate-new-ca-and-regenerate-certs
  serial: true
  plan:
    - in_parallel:
        - get: platform-automation-image
          params:
            unpack: true
          passed:
            - apply-new-ca
        - get: platform-automation-tasks
          params:
            unpack: true
        - get: configuration
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: activate-new-ca
      image: platform-automation-image
      file: platform-automation-tasks/tasks/activate-certificate-authority.yml
      input_mapping:
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml
    - task: regenerate-certificates
      image: platform-automation-image
      file: platform-automation-tasks/tasks/regenerate-certificates.yml
      input_mapping:
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml

- name: apply-certificates
  serial: true
  plan:
    - in_parallel:
        - get: platform-automation-image
          params:
            unpack: true
          passed:
            - activate-new-ca-and-regenerate-certs
        - get: platform-automation-tasks
          params:
            unpack: true
        - get: configuration
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: pre-deploy-check
      image: platform-automation-image
      file: platform-automation-tasks/tasks/pre-deploy-check.yml
      input_mapping:
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml
    - task: apply-product-changes
      attempts: 3
      image: platform-automation-image
      file: platform-automation-tasks/tasks/apply-changes.yml
      input_mapping:
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml
        SELECTIVE_DEPLOY_PRODUCTS: "cf,p-bosh,p-healthwatch2,p-healthwatch2-pas-exporter,pivotal-telemetry-om"

- name: cleanup-ca-certificate-authorities
  serial: true
  plan:
    - in_parallel:
        - get: platform-automation-image
          params:
            unpack: true
          passed:
            - apply-certificates
        - get: platform-automation-tasks
          params:
            unpack: true
        - get: configuration
    - task: prepare-tasks-with-secrets
      <<: *prepare-tasks-with-secrets
    - task: delete-certificate-authority
      image: platform-automation-image
      file: platform-automation-tasks/tasks/delete-certificate-authority.yml
      input_mapping:
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml
    - task: pre-deploy-check
      image: platform-automation-image
      file: platform-automation-tasks/tasks/pre-deploy-check.yml
      input_mapping:
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml
    - task: apply-product-changes
      attempts: 3
      image: platform-automation-image
      file: platform-automation-tasks/tasks/apply-changes.yml
      input_mapping:
        env: configuration
      params:
        ENV_FILE: foundations/config/env.yml
        SELECTIVE_DEPLOY_PRODUCTS: "cf,p-bosh,p-healthwatch2,p-healthwatch2-pas-exporter,pivotal-telemetry-om"
check-circle-line exclamation-circle-line close-line
Scroll to top icon