Tas standalone

deploy.yml

@@ -62,6 +62,8 @@
     - role: nsxt/nsxt-mgmt-appliance
       when: 'nsxt is defined'
       tags: ["nsxt", "nsxt-mgr"]
+      # TODO set password expiry
+      # su admin '-c set user admin set user admin password-expiration 9999'
     - role: nsxt/nsxt-mgmt-certificate
       when: 'nsxt is defined'
       tags: ["nsxt", "nsxt-mgr-cert"]

roles/delete-deployment/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+opsman_ip: "{{ tanzu_opsman_bosh.opsman_ip }}"
+opsman_username: "{{ tanzu_opsman_bosh.opsman_username }}"
+opsman_password: "{{ tanzu_opsman_bosh.opsman_password }}"

roles/delete-deployment/tasks/main.yml

@@ -9,6 +9,7 @@
     state: absent
     force: true
   delegate_to: localhost
+  when: 'nested_vcenter is defined'
 
 - name: Remove ESXi hosts VMs
   community.vmware.vmware_guest:
@@ -21,6 +22,7 @@
     force: true
   delegate_to: localhost
   loop: "{{ nested_hosts }}"
+  when: 'nested_hosts is defined'
 
 - name: Remove NSX-T Manager VM
   community.vmware.vmware_guest:
@@ -45,3 +47,42 @@
     force: true
   delegate_to: localhost
   when: 'nsx_alb is defined'
+
+- name: Check if Opsman is online
+  ansible.builtin.uri:
+    validate_certs: false
+    url: "http://{{ opsman_ip }}/"
+    method: GET
+    status_code: 200,302,301,503
+  register: result_opsman_check
+  until: result_opsman_check.status == 200
+  when: 'tanzu_opsman_bosh is defined and not nested_vcenter is defined'
+
+- name: Delete TAS deployment (if not nested)
+  args:
+    executable: /bin/bash
+  ansible.builtin.shell:
+    cmd: |
+      #/bin/bash
+      set -eu
+
+      unset OM_PASSWORD OM_USERNAME OM_SKIP_SSL_VALIDATION OM_TARGET
+
+      env=$(cat << EOF
+      {{ lookup('template', 'env.yml') | from_yaml | to_nice_yaml }}
+      EOF
+      )
+
+      om --env <(echo "$env") delete-installation --force
+  when: 'tanzu_opsman_bosh is defined and not nested_vcenter is defined and result_opsman_check.status == 200'
+
+- name: Remove Opsman VM
+  community.vmware.vmware_guest:
+    hostname: "{{ hosting_vcenter.ip }}"
+    username: "{{ hosting_vcenter.username }}"
+    password: "{{ hosting_vcenter.password }}"
+    validate_certs: false
+    name: "{{ environment_tag }}-ops-manager"
+    state: absent
+    force: true
+  delegate_to: localhost

roles/delete-deployment/templates/env.yml

@@ -0,0 +1,15 @@
+---
+target: https://{{ opsman_ip }}
+# connect-timeout: 5            # default 5
+# request-timeout: 1800          # default 1800
+skip-ssl-validation: true     # default false
+username: "{{ opsman_username }}"
+password: "{{ opsman_password }}"
+# decryption-passphrase is optional,
+# except for use with `import-installation`.
+# OpsMan depends on the passphrase
+# to decrypt the imported installation.
+# For other commands, providing this key allows
+# decryption of the OpsMan VM after reboot,
+# which would otherwise need to be done manually.
+decryption-passphrase: "{{ opsman_password }}{{ opsman_password }}"

roles/display-configuration/tasks/main.yml

@@ -76,7 +76,8 @@
         {% if tanzu_multi_cloud.generated_config_file is defined %}
         "tanzu_multi_cloud": {
           "config_file": "{{ tanzu_multi_cloud.generated_config_file }}",
-          "mgmt_create_command" : "tanzu management-cluster create --file {{ tanzu_multi_cloud.generated_config_file }}"
+          "mgmt_create_command" : "tanzu management-cluster create --file {{ tanzu_multi_cloud.generated_config_file }}",
+          "mgmt_reset_command" : "tanzu context delete {{ environment_tag }}-tkg-mgmt"
         },
         {% endif %}
 

roles/tanzu/application-service/defaults/main.yml

@@ -3,21 +3,23 @@ opsman_ip: "{{ tanzu_opsman_bosh.opsman_ip }}"
 opsman_username: "{{ tanzu_opsman_bosh.opsman_username }}"
 opsman_password: "{{ tanzu_opsman_bosh.opsman_password }}"
 
-tas_nsx_transport_zone: "{{ tanzu_application_service.nsx.transport_zone }}"
-tas_nsx_manager_url: "{{ tanzu_application_service.nsx.nsx_manager_url }}"
-tas_nsx_username: "{{ tanzu_application_service.nsx.username }}"
-tas_nsx_password: "{{ tanzu_application_service.nsx.password }}"
+tas_template_file: "{{ tanzu_application_service.tas_template_file }}"
+
+tas_nsx_manager_url: "{{ tanzu_application_service.nsx.nsx_manager_url |default(omit) }}"
+tas_nsx_username: "{{ tanzu_application_service.nsx.username |default(omit) }}"
+tas_nsx_password: "{{ tanzu_application_service.nsx.password |default(omit) }}"
+tas_nsx_transport_zone: "{{ tanzu_application_service.nsx.transport_zone |default(omit) }}"
 tas_nsx_principal_identity:
   public_key: |-
-    {{ tanzu_application_service.nsx.principal_identity.public_key }}
+    {{ tanzu_application_service.nsx.principal_identity.public_key |default(omit) }}
   private_key: |-
-    {{ tanzu_application_service.nsx.principal_identity.private_key }}
+    {{ tanzu_application_service.nsx.principal_identity.private_key |default(omit) }}
 
-tas_nsx_egress_pool_name: "{{ tanzu_application_service.nsx.egress_pool_name }}"
-tas_nsx_egress_pool_cidr: "{{ tanzu_application_service.nsx.egress_pool_cidr }}"
-tas_nsx_egress_pool_ranges: "{{ tanzu_application_service.nsx.egress_pool_ranges }}"
-tas_nsx_container_block_name: "{{ tanzu_application_service.nsx.container_block_name }}"
-tas_nsx_container_block_cidr: "{{ tanzu_application_service.nsx.container_block_cidr }}"
+tas_nsx_egress_pool_name: "{{ tanzu_application_service.nsx.egress_pool_name |default(omit) }}"
+tas_nsx_egress_pool_cidr: "{{ tanzu_application_service.nsx.egress_pool_cidr |default(omit) }}"
+tas_nsx_egress_pool_ranges: "{{ tanzu_application_service.nsx.egress_pool_ranges |default(omit) }}"
+tas_nsx_container_block_name: "{{ tanzu_application_service.nsx.container_block_name |default(omit) }}"
+tas_nsx_container_block_cidr: "{{ tanzu_application_service.nsx.container_block_cidr |default(omit) }}"
 
 tas_deployment_network: "{{ tanzu_application_service.deployment_network }}"
 tas_apps_domain: "{{ tanzu_application_service.apps_domain }}"

roles/tanzu/application-service/tasks/main.yml

@@ -7,6 +7,7 @@
     password: "{{ tas_nsx_password }}"
     validate_certs: false
   register: result_nsx_routers
+  when: "tas_nsx_manager_url is defined and '__omit' not in tas_nsx_manager_url"
 
 - name: Fetch NSX Manager cert
   ansible.builtin.shell: |-
@@ -18,15 +19,20 @@
   changed_when: false
   args:
     executable: /usr/bin/bash
+  when: "tas_nsx_manager_url is defined and '__omit' not in tas_nsx_manager_url"
+
+- name: Set Opsman env
+  ansible.builtin.set_fact:
+    opsman_env: |
+      {{ lookup('template', 'env.yml') | from_yaml }}
 
 - name: Set NSX facts
   ansible.builtin.set_fact:
     nsx_ca_cert: |-
-      {{ result_nsx_manager_cert_pem.stdout }}
+      {{ result_nsx_manager_cert_pem.stdout |default("") }}
     # Expects the T0 to be the first created router, which is not role agnostic
-    nsx_t0_id: "{{ result_nsx_routers.results[0].id }}"
-    opsman_env: |
-      {{ lookup('template', 'env.yml') | from_yaml }}
+    nsx_t0_id: "{{ result_nsx_routers.results[0].id |default('') }}"
+  # when: "tas_nsx_manager_url is defined and '__omit' not in tas_nsx_manager_url"
 
 - name: Check Gorouter cert hostname
   args:
@@ -119,11 +125,11 @@
     tas_uaa_cert_pair: "{{ result_tas_uaa_cert_pair.stdout | from_json }}"
   when: tas_uaa_cert_replace
 
-- name: Setting TAS Tile vars
+- name: Set base vars
   ansible.builtin.set_fact:
     tas_vars:
       - slug: VMware-NSX-T
-        file_path: "{{ ncp_tile }}"
+        file_path: "{{ ncp_tile | default('') }}"
         product_config: "{{ lookup('template', 'ncp.yml') | from_yaml }}"
         apply_changes: false
       - slug: cf
@@ -152,6 +158,13 @@
       {{ tas_vars }}
   when: not "srt-2." in tas_tile
 
+- name: Drop NSX Tile vars if 'tas_nsx_manager_url' not set
+  ansible.builtin.set_fact:
+    tas_vars: |
+      {% set _ = tas_vars.pop(0) %}
+      {{ tas_vars }}
+  when: not tas_nsx_manager_url is defined or '__omit' in tas_nsx_manager_url
+
 - name: Deploy TAS
   ansible.builtin.include_role:
     name: tanzu/opsman/upload-stage-configure-tile