Merge pull request #534 from imperva/fix-azure-new

fix: use [[ ]] in bash conditionals and improve yum retry logic

Author: elsegev

.github/workflows/dsf_poc_cli_azure.yml

@@ -289,11 +289,11 @@ jobs:
       run: |
         terraform -chdir=$EXAMPLE_DIR workspace list
         # Only pass DEPLOYMENT_VERSION if it's not empty
-          if [ -n "${{ env.DEPLOYMENT_VERSION }}" && ${{ env.DEPLOYMENT_VERSION }} != $'\n' ]; then
-              terraform -chdir=$EXAMPLE_DIR plan -var dam_license=license.mprv -var ${{ env.DEPLOYMENT_VERSION }}
-          else
-              terraform -chdir=$EXAMPLE_DIR plan -var dam_license=license.mprv
-          fi
+        if [[ -n "${{ env.DEPLOYMENT_VERSION }}" && "${{ env.DEPLOYMENT_VERSION }}" != $'\n' ]]; then
+            terraform -chdir=$EXAMPLE_DIR plan -var dam_license=license.mprv -var "${{ env.DEPLOYMENT_VERSION }}"
+        else
+            terraform -chdir=$EXAMPLE_DIR plan -var dam_license=license.mprv
+        fi
    
 
       # On push to "main", build or change infrastructure according to Terraform configuration files
@@ -302,8 +302,8 @@ jobs:
       id: apply
       # if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' || github.event_name == 'workflow_dispatch'
       run: |
-        if [ -n "${{ env.DEPLOYMENT_VERSION }}" && ${{ env.DEPLOYMENT_VERSION }} != $'\n' ]; then
-          terraform -chdir=$EXAMPLE_DIR apply -var dam_license=license.mprv -var ${{ env.DEPLOYMENT_VERSION }}
+        if [[ -n "${{ env.DEPLOYMENT_VERSION }}" && "${{ env.DEPLOYMENT_VERSION }}" != $'\n' ]]; then
+          terraform -chdir=$EXAMPLE_DIR apply -var dam_license=license.mprv -var "${{ env.DEPLOYMENT_VERSION }}" -auto-approve
         else
           terraform -chdir=$EXAMPLE_DIR apply -var dam_license=license.mprv -auto-approve
         fi
@@ -348,7 +348,7 @@ jobs:
       id: destroy
       if: always()
       run: |
-        if [ -n "${{ env.DEPLOYMENT_VERSION }}" && "${{ env.DEPLOYMENT_VERSION }}" != $'\n' ]; then
+        if [[ -n "${{ env.DEPLOYMENT_VERSION }}" && "${{ env.DEPLOYMENT_VERSION }}" != $'\n' ]]; then
             terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -var "${{ env.DEPLOYMENT_VERSION }}" -auto-approve
         else
             terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -auto-approve

modules/azurerm/sonar-base-instance/setup.tftpl

@@ -37,15 +37,19 @@ function internet_access() {
 # cache and make every retry fail the same way.
 function yum_retry() {
     local attempt
-    for attempt in 1 2 3 4 5; do
+    for attempt in {1..10}; do
         if "$@"; then
             return 0
         fi
-        echo "Command failed (attempt $attempt): $*. Cleaning yum/dnf cache and retrying..."
+        echo "Command failed (attempt $attempt/10): $*"
+        echo "Cleaning yum/dnf cache and retrying..."
         yum clean all || true
         rm -rf /var/cache/yum /var/cache/dnf || true
-        sleep $((attempt * 10))
+        sleep $((attempt < 6 ? attempt * 10 : 60))
     done
+    echo "All $attempt attempts failed for: $*"
+    echo "RHUI diagnostics:"
+    curl -sI https://rhui-1.microsoft.com 2>&1 | head -5 || true
     return 1
 }
 
@@ -57,9 +61,8 @@ function install_yum_dep_from_internet() {
     local package="$1"
     local package_name="$${2:-$1}"
 
-    # yum_retry takes care of cache repair between attempts, so a transient
-    # Microsoft RHUI 400 / repomd.xml download glitch heals automatically.
-    if ! yum list installed "$${package_name}"; then
+    # Use rpm -q to check if installed without contacting RHUI repos
+    if ! rpm -q "$${package_name}" &>/dev/null; then
         yum_retry yum install "$${package}" -y
     fi
 }
@@ -70,22 +73,33 @@ function install_azcli_from_internet() {
         exit 1
     fi
     yum_retry rpm --import https://packages.microsoft.com/keys/microsoft.asc
+
+    local msrepo_url
     if [ "$RHEL_MAJOR_VERSION" -eq 8 ]; then
-        yum_retry dnf install -y https://packages.microsoft.com/config/rhel/8/packages-microsoft-prod.rpm
+        msrepo_url="https://packages.microsoft.com/config/rhel/8/packages-microsoft-prod.rpm"
     elif [ "$RHEL_MAJOR_VERSION" -eq 9 ]; then
-        yum_retry dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm
+        msrepo_url="https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm"
     else
         echo "Unsupported RHEL version: $RHEL_MAJOR_VERSION"
         exit 1
     fi
-    yum_retry dnf install azure-cli -y
+
+    # rpm -Uvh avoids dnf's mandatory metadata refresh, which fails when
+    # Azure RHUI returns 400 on rhel-*-baseos-rhui-rpms.
+    yum_retry rpm -Uvh --replacepkgs "$msrepo_url"
+
+    # Fall back to disabling RHUI if it's degraded; azure-cli's RHEL-side deps
+    # are already in the Azure RHEL PAYG base image.
+    yum_retry dnf install azure-cli -y \
+        || yum_retry dnf install azure-cli -y --disablerepo='rhui-*'
+
     az login --identity --allow-no-subscriptions
 }
 
 function wait_for_systemd() {
     for i in $(seq 1 10); do
-        is_running="$(systemctl is-system-running; echo "")"
-        if "$is_running" == "running" || "$is_running" == "degraded"; then
+        is_running="$(systemctl is-system-running || true)"
+        if [[ "$is_running" == "running" || "$is_running" == "degraded" ]]; then
             return 0
         fi
         sleep 10
@@ -95,9 +109,6 @@ function wait_for_systemd() {
 function install_deps() {
     install_yum_dep_from_internet unzip
     install_yum_dep_from_internet lvm2
-    install_yum_dep_from_internet "https://dl.fedoraproject.org/pub/epel/epel-release-latest-$RHEL_MAJOR_VERSION.noarch.rpm" epel-release
-    install_yum_dep_from_internet jq
-    install_yum_dep_from_internet wget
     command -v az || install_azcli_from_internet
 }
 
@@ -187,7 +198,7 @@ function install_tarball() {
     # Download installation tarball
     if [[ -n "${tarball_url}" ]]; then
         TARBALL_FILE=$APPS_DIR/$(basename "${tarball_url}")
-        wget "${tarball_url}" -O "$TARBALL_FILE" --progress=dot:giga
+        curl -fL --retry 5 --retry-delay 10 -o "$TARBALL_FILE" "${tarball_url}"
     else
         TARBALL_FILE=$APPS_DIR/$(basename "${az_blob}")
         az storage blob download --account-name "${az_storage_account}" --container-name "${az_container}" --name "${az_blob}" --file "$TARBALL_FILE" --auth-mode login >/dev/null
@@ -201,7 +212,7 @@ function install_tarball() {
 }
 
 function set_instance_fqdn() {
-    instance_fqdn=$(cloud-init query -a | jq -r .ds.meta_data.imds.network.interface[0].ipv4.ipAddress[0].privateIpAddress)
+    instance_fqdn=$(cloud-init query -a | python3 -c "import sys,json; print(json.load(sys.stdin)['ds']['meta_data']['imds']['network']['interface'][0]['ipv4']['ipAddress'][0]['privateIpAddress'])")
     if [ -z "$instance_fqdn" ]; then
         echo "Failed to extract instance private FQDN"
         exit 1