/**
 *
 * Launch heat stack with CI/CD lab infrastructure
 *
 * Expected parameters:
 *   HEAT_TEMPLATE_URL          URL to git repo with Heat templates
 *   HEAT_TEMPLATE_CREDENTIALS  Credentials to the Heat templates repo
 *   HEAT_TEMPLATE_BRANCH       Heat templates repo branch
 *   HEAT_STACK_NAME            Heat stack name
 *   HEAT_STACK_TEMPLATE        Heat stack HOT template
 *   HEAT_STACK_ENVIRONMENT     Heat stack environmental parameters
 *   HEAT_STACK_ZONE            Heat stack availability zone
 *   HEAT_STACK_PUBLIC_NET      Heat stack floating IP pool
 *   HEAT_STACK_DELETE          Delete Heat stack when finished (bool)
 *   HEAT_STACK_CLEANUP_JOB     Name of job for deleting Heat stack
 *   HEAT_STACK_REUSE           Reuse Heat stack (don't create one)
 *
 *   SALT_MASTER_CREDENTIALS    Credentials to the Salt API
 *   SALT_MASTER_PORT           Port of salt-api, defaults to 8000
 *
 *   OPENSTACK_API_URL          OpenStack API address
 *   OPENSTACK_API_CREDENTIALS  Credentials to the OpenStack API
 *   OPENSTACK_API_PROJECT      OpenStack project to connect to
 *   OPENSTACK_API_CLIENT       Versions of OpenStack python clients
 *   OPENSTACK_API_VERSION      Version of the OpenStack API (2/3)
 *
 */

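// Pipeline-library helpers. They are assigned without `def`, i.e. as
// script-binding variables rather than locals.
common = new com.mirantis.mk.Common()
git = new com.mirantis.mk.Git()
openstack = new com.mirantis.mk.Openstack()
salt = new com.mirantis.mk.Salt()
orchestrate = new com.mirantis.mk.Orchestrate()

// Upper bound on stacks a single (non-"jenkins") build user may hold for this
// job; enforced in the 'Connect to OpenStack cloud' stage.
_MAX_PERMITTED_STACKS = 2

timestamps {
    node {
        try {
            // connection objects
            def openstackCloud
            def saltMaster

            // value defaults
            def openstackVersion = OPENSTACK_API_CLIENT ? OPENSTACK_API_CLIENT : 'liberty'
            def openstackEnv = "${env.WORKSPACE}/venv"

            // SSH_PUBLIC_KEY is an optional build parameter; when the job does
            // not define it the lookup throws and key deployment is skipped.
            try {
                sshPubKey = SSH_PUBLIC_KEY
            } catch (MissingPropertyException e) {
                sshPubKey = false
            }

            if (HEAT_STACK_REUSE.toBoolean() == true && HEAT_STACK_NAME == '') {
                error("If you want to reuse existing stack you need to provide it's name")
            }

            if (HEAT_STACK_REUSE.toBoolean() == false) {
                // Don't allow to set custom heat stack name: for a new stack
                // the name is always derived from the build user (or
                // "jenkins"), the job name and the build number, overriding
                // whatever HEAT_STACK_NAME was passed in.
                wrap([$class: 'BuildUser']) {
                    if (env.BUILD_USER_ID) {
                        HEAT_STACK_NAME = "${env.BUILD_USER_ID}-${JOB_NAME}-${BUILD_NUMBER}"
                    } else {
                        HEAT_STACK_NAME = "jenkins-${JOB_NAME}-${BUILD_NUMBER}"
                    }
                    currentBuild.description = HEAT_STACK_NAME
                }
            }

            //
            // Bootstrap
            //

            stage ('Download Heat templates') {
                git.checkoutGitRepository('template', HEAT_TEMPLATE_URL, HEAT_TEMPLATE_BRANCH, HEAT_TEMPLATE_CREDENTIALS)
            }

            stage('Install OpenStack CLI') {
                openstack.setupOpenstackVirtualenv(openstackEnv, openstackVersion)
            }

            stage('Connect to OpenStack cloud') {
                openstackCloud = openstack.createOpenstackEnv(OPENSTACK_API_URL, OPENSTACK_API_CREDENTIALS, OPENSTACK_API_PROJECT)
                openstack.getKeystoneToken(openstackCloud, openstackEnv)
                wrap([$class: 'BuildUser']) {
                    // Per-user quota. It is skipped when the build has no
                    // BUILD_USER_ID, when the user is "jenkins", and when an
                    // existing stack is being reused.
                    if (env.BUILD_USER_ID && !env.BUILD_USER_ID.equals("jenkins") && !HEAT_STACK_REUSE.toBoolean()) {
                        def existingStacks = openstack.getStacksForNameContains(openstackCloud, "${env.BUILD_USER_ID}-${JOB_NAME}", openstackEnv)
                        if(existingStacks.size() >= _MAX_PERMITTED_STACKS){
                            // No stack was created by this build, so switch off
                            // the cleanup trigger in the finally block before
                            // failing.
                            HEAT_STACK_DELETE = "false"
                            throw new Exception("You cannot create new stack, you already have ${_MAX_PERMITTED_STACKS} stacks of this type (${JOB_NAME}). \nStack names: ${existingStacks}")
                        }
                    }
                }
            }

            if (HEAT_STACK_REUSE.toBoolean() == false) {
                stage('Launch new Heat stack') {
                    envParams = [
                        'instance_zone': HEAT_STACK_ZONE,
                        'public_net': HEAT_STACK_PUBLIC_NET
                    ]
                    openstack.createHeatStack(openstackCloud, HEAT_STACK_NAME, HEAT_STACK_TEMPLATE, envParams, HEAT_STACK_ENVIRONMENT, openstackEnv)
                }
            }

            stage('Connect to Salt master') {
                def saltMasterPort
                try {
                    saltMasterPort = SALT_MASTER_PORT
                } catch (MissingPropertyException e) {
                    // NOTE(review): the file header documents a default of
                    // 8000, but the fallback actually used is 6969 - reconcile.
                    saltMasterPort = 6969
                }
                saltMasterHost = openstack.getHeatStackOutputParam(openstackCloud, HEAT_STACK_NAME, 'salt_master_ip', openstackEnv)
                currentBuild.description = "${HEAT_STACK_NAME}: ${saltMasterHost}"
                // NOTE(review): plain http. Whatever salt.connection() sends to
                // authenticate with SALT_MASTER_CREDENTIALS presumably crosses
                // the network to the stack's salt_master_ip unencrypted; prefer
                // a TLS-terminated salt-api endpoint - confirm with the library.
                saltMasterUrl = "http://${saltMasterHost}:${saltMasterPort}"
                saltMaster = salt.connection(saltMasterUrl, SALT_MASTER_CREDENTIALS)
            }

            //
            // Install
            //

            stage('Install core infra') {
                // salt.master, reclass
                // refresh_pillar
                // sync_all
                // linux,openssh,salt.minion.ntp

                orchestrate.installFoundationInfra(saltMaster)
                orchestrate.validateFoundationInfra(saltMaster)
            }

            stage("Deploy GlusterFS") {
                salt.enforceState(saltMaster, 'I@glusterfs:server', 'glusterfs.server.service', true)
                retry(2) {
                    salt.enforceState(saltMaster, 'ci01*', 'glusterfs.server.setup', true)
                }
                sleep(5)
                salt.enforceState(saltMaster, 'I@glusterfs:client', 'glusterfs.client', true)

                // The shell loop has no exit condition besides "everything is
                // mounted"; the enclosing timeout() is what bounds it.
                timeout(5) {
                    println "Waiting for GlusterFS volumes to get mounted.."
                    salt.cmdRun(saltMaster, 'I@glusterfs:client', 'while true; do systemctl -a|grep "GlusterFS File System"|grep -v mounted >/dev/null || break; done')
                }
                print common.prettyPrint(salt.cmdRun(saltMaster, 'I@glusterfs:client', 'mount|grep fuse.glusterfs || echo "Command failed"'))
            }

            // This stage was labelled "Deploy GlusterFS" a second time although
            // it applies the haproxy and keepalived states; the label now
            // matches what the stage does.
            stage("Deploy HAProxy and Keepalived") {
                salt.enforceState(saltMaster, 'I@haproxy:proxy', 'haproxy,keepalived')
            }

            stage("Setup Docker Swarm") {
                salt.enforceState(saltMaster, 'I@docker:host', 'docker.host', true)
                salt.enforceState(saltMaster, 'I@docker:swarm:role:master', 'docker.swarm', true)
                salt.enforceState(saltMaster, 'I@docker:swarm:role:master', 'salt', true)
                salt.runSaltProcessStep(saltMaster, 'I@docker:swarm:role:master', 'mine.flush')
                salt.runSaltProcessStep(saltMaster, 'I@docker:swarm:role:master', 'mine.update')
                salt.enforceState(saltMaster, 'I@docker:swarm', 'docker.swarm', true)
                print common.prettyPrint(salt.cmdRun(saltMaster, 'I@docker:swarm:role:master', 'docker node ls'))
            }

            stage("Configure OSS services") {
                salt.enforceState(saltMaster, 'I@devops_portal:config', 'devops_portal.config')
                salt.enforceState(saltMaster, 'I@rundeck:server', 'rundeck.server')
            }

            stage("Deploy Docker services") {
                // We need /etc/aptly-publisher.yaml to be present before
                // services are deployed
                // XXX: for some weird unknown reason, refresh_pillar is
                // required to execute here
                salt.runSaltProcessStep(saltMaster, 'I@aptly:publisher', 'saltutil.refresh_pillar', [], null, true)
                salt.enforceState(saltMaster, 'I@aptly:publisher', 'aptly.publisher', true)
                retry(3) {
                    sleep(5)
                    salt.enforceState(saltMaster, 'I@docker:swarm:role:master', 'docker.client')
                }
                // XXX: Workaround to have `/var/lib/jenkins` on all
                // nodes where are jenkins_slave services are created.
                salt.runSaltProcessStep(saltMaster, 'I@docker:swarm', 'cmd.run', ['mkdir -p /var/lib/jenkins'])
            }

            stage("Configure CI/CD services") {
                salt.syncAll(saltMaster, '*')

                // Every "Waiting for ..." step below is a shell loop that only
                // ends when the probe succeeds; the enclosing timeout() is what
                // bounds it. The probes target the hard-coded VIP 172.16.10.254.

                // Aptly
                timeout(10) {
                    println "Waiting for Aptly to come up.."
                    retry(2) {
                        // XXX: retry to workaround magical VALUE_TRIMMED
                        // response from salt master + to give slow cloud some
                        // more time to settle down
                        salt.cmdRun(saltMaster, 'I@aptly:server', 'while true; do curl -sf http://172.16.10.254:8084/api/version >/dev/null && break; done')
                    }
                }
                salt.enforceState(saltMaster, 'I@aptly:server', 'aptly', true)

                // OpenLDAP
                timeout(10) {
                    println "Waiting for OpenLDAP to come up.."
                    salt.cmdRun(saltMaster, 'I@openldap:client', 'while true; do curl -sf ldap://172.16.10.254 >/dev/null && break; done')
                }
                salt.enforceState(saltMaster, 'I@openldap:client', 'openldap', true)

                // Gerrit
                timeout(10) {
                    println "Waiting for Gerrit to come up.."
                    salt.cmdRun(saltMaster, 'I@gerrit:client', 'while true; do curl -sf 172.16.10.254:8080 >/dev/null && break; done')
                }
                salt.enforceState(saltMaster, 'I@gerrit:client', 'gerrit', true)

                // Jenkins
                timeout(10) {
                    println "Waiting for Jenkins to come up.."
                    salt.cmdRun(saltMaster, 'I@jenkins:client', 'while true; do curl -sf 172.16.10.254:8081 >/dev/null && break; done')
                }
                retry(2) {
                    // XXX: needs retry as first run installs python-jenkins
                    // thus make jenkins modules available for second run
                    salt.enforceState(saltMaster, 'I@jenkins:client', 'jenkins', true)
                }

                // Postgres client - initialize OSS services databases
                // NOTE(review): the timeout step counts in minutes unless a
                // unit is given, so this allows up to 300 minutes - confirm
                // that is intended.
                timeout(300){
                    println "Waiting for postgresql database to come up.."
                    salt.cmdRun(saltMaster, 'I@postgresql:client', 'while true; do if docker service logs postgresql_db | grep "ready to accept"; then break; else sleep 5; fi; done')
                }
                salt.enforceState(saltMaster, 'I@postgresql:client', 'postgresql.client', true, false)

                // Setup postgres database with integration between
                // Pushkin notification service and Security Monkey security audit service
                timeout(10) {
                    println "Waiting for Pushkin to come up.."
                    salt.cmdRun(saltMaster, 'I@postgresql:client', 'while true; do curl -sf 172.16.10.254:8887/apps >/dev/null && break; done')
                }
                salt.enforceState(saltMaster, 'I@postgresql:client', 'postgresql.client', true)

                // Rundeck
                timeout(10) {
                    println "Waiting for Rundeck to come up.."
                    salt.cmdRun(saltMaster, 'I@rundeck:client', 'while true; do curl -sf 172.16.10.254:4440 >/dev/null && break; done')
                }
                salt.enforceState(saltMaster, 'I@rundeck:client', 'rundeck.client', true)
            }

            stage("Finalize") {
                //
                // Deploy user's ssh key
                //
                def adminUser
                def authorizedKeysFile
                // Pick the login account by probing the Salt master for
                // /home/ubuntu; fall back to root when it is absent.
                def adminUserCmdOut = salt.cmdRun(saltMaster, 'I@salt:master', "[ ! -d /home/ubuntu ] || echo 'ubuntu user exists'")
                if (adminUserCmdOut =~ /ubuntu user exists/) {
                    adminUser = "ubuntu"
                    authorizedKeysFile = "/home/ubuntu/.ssh/authorized_keys"
                } else {
                    adminUser = "root"
                    authorizedKeysFile = "/root/.ssh/authorized_keys"
                }

                if (sshPubKey) {
                    println "Deploying provided ssh key at ${authorizedKeysFile}"
                    // SSH_PUBLIC_KEY is a build parameter, i.e. caller-supplied
                    // text that lands inside a single-quoted shell word run on
                    // every minion ('*'). Escape embedded single quotes
                    // ( ' -> '\'' ) so the value cannot close the quoting and
                    // be interpreted as shell syntax.
                    // NOTE(review): consider additionally rejecting values that
                    // are not a single well-formed public-key line.
                    def quotedPubKey = sshPubKey.toString().replace("'", "'\\''")
                    salt.cmdRun(saltMaster, '*', "echo '${quotedPubKey}' | tee -a ${authorizedKeysFile}")
                }

                //
                // Generate docs
                //
                try {
                    try {
                        // Run sphinx state to install sphinx-build needed in
                        // upcomming orchestrate
                        salt.enforceState(saltMaster, 'I@sphinx:server', 'sphinx')
                    } catch (Throwable e) {
                        true
                    }
                    retry(3) {
                        // TODO: fix salt.orchestrateSystem
                        // print salt.orchestrateSystem(saltMaster, ['expression': '*', 'type': 'compound'], 'sphinx.orch.generate_doc')
                        def out = salt.cmdRun(saltMaster, 'I@salt:master', 'salt-run state.orchestrate sphinx.orch.generate_doc || echo "Command execution failed"')
                        print common.prettyPrint(out)
                        // The shell command always exits 0; failure is signalled
                        // through the marker text and turned into an exception
                        // here so that retry() can act on it.
                        if (out =~ /Command execution failed/) {
                            throw new Exception("Command execution failed")
                        }
                    }
                } catch (Throwable e) {
                    // We don't want sphinx docs to ruin whole build, so possible
                    // errors are just ignored here
                    true
                }
                salt.enforceState(saltMaster, 'I@nginx:server', 'nginx')

                // Report (but do not fail on) systemd units in failed state on
                // any node.
                def failedSvc = salt.cmdRun(saltMaster, '*', """systemctl --failed | grep -E 'loaded[ \t]+failed' && echo 'Command execution failed' || true""")
                print common.prettyPrint(failedSvc)
                if (failedSvc =~ /Command execution failed/) {
                    common.errorMsg("Some services are not running. Environment may not be fully functional!")
                }

                common.successMsg("""
    ============================================================
    Your CI/CD lab has been deployed and you can enjoy it:
    Use sshuttle to connect to your private subnet:

        sshuttle -r ${adminUser}@${saltMasterHost} 172.16.10.0/24

    And visit services running at 172.16.10.254 (vip address):

        9600    HAProxy statistics
        8080    Gerrit
        8081    Jenkins
        8089    LDAP administration
        4440    Rundeck
        8084    DevOps Portal
        8091    Docker swarm visualizer
        8090    Reclass-generated documentation

    If you provided SSH_PUBLIC_KEY, you can use it to login,
    otherwise you need to get private key connected to this
    heat template.

    DON'T FORGET TO TERMINATE YOUR STACK WHEN YOU DON'T NEED IT!
    ============================================================""")
            }
        } catch (Throwable e) {
            // If there was an error or exception thrown, the build failed
            currentBuild.result = "FAILURE"
            throw e
        } finally {
            // Cleanup: runs on success and on failure alike. HEAT_STACK_DELETE
            // may have been forced to "false" by the quota check above.
            if (HEAT_STACK_DELETE.toBoolean() == true) {
                stage('Trigger cleanup job') {
                    build(job: 'deploy-stack-cleanup', parameters: [
                        [$class: 'StringParameterValue', name: 'STACK_NAME', value: HEAT_STACK_NAME],
                        [$class: 'StringParameterValue', name: 'OPENSTACK_API_PROJECT', value: OPENSTACK_API_PROJECT],
                    ])
                }
            }
        }
    }
}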