[AETHER]-615 Update the Jenkins job
1. Replace the Rancher CLI with Terraform in TOST related jobs.
2. Still the Rancher CLI in FluentBit but will fix it soon
3. Add new jenkins job to install shared resources
Change-Id: I6e4d5ecf696e7a17a1d954df19093005bf14bf8c
diff --git a/jjb/pipeline/tost-deploy-onos.groovy b/jjb/pipeline/tost-deploy-onos.groovy
index d2c062a..24a7914 100644
--- a/jjb/pipeline/tost-deploy-onos.groovy
+++ b/jjb/pipeline/tost-deploy-onos.groovy
@@ -7,80 +7,71 @@
}
environment {
KUBECONFIG = credentials("${params.k8s_config}")
- registry_password = credentials("${params.registry_password_env}")
- git_password = credentials("${params.git_password_env}")
onos_password = credentials("${params.onos_password}")
- rancher_token = credentials("${params.rancher_api_env}")
+ git_password = credentials("${params.git_password_env}")
+ gcp = credentials("${params.gcp_credential}")
+ rancher_dev = credentials("${params.rancher_api_env}")
}
stages {
stage('Install tools') {
steps {
- sh '''
+ sh """
set -x
apt-get update -y
- apt-get install -y curl wget jq git
+ apt-get install -y curl wget jq git unzip
+
+ # Install yq
+ wget https://github.com/mikefarah/yq/releases/download/3.4.0/yq_linux_amd64 -O /usr/bin/yq &&\
+ chmod +x /usr/bin/yq
+ yq --help
# Install kubectl
curl -LO "https://storage.googleapis.com/kubernetes-release/release/v1.18.0/bin/linux/amd64/kubectl"
chmod +x ./kubectl
mv ./kubectl /usr/local/bin/kubectl
- # Install rancher
- wget https://github.com/rancher/cli/releases/download/v2.4.5/rancher-linux-amd64-v2.4.5.tar.gz
- tar -xvf rancher-linux-amd64-v2.4.5.tar.gz
- mv rancher-v2.4.5/rancher /usr/local/bin
-
- rm rancher-linux-amd64-v2.4.5.tar.gz
- rm -rf rancher-v2.4.5
-
- # Test Kubectl & Rancher
- KUBE_CONFIG=$KUBECONFIG kubectl get nodes
- rancher --version
- '''
+ # Install terraform
+ wget https://releases.hashicorp.com/terraform/0.13.2/terraform_0.13.2_linux_amd64.zip
+ unzip terraform_0.13.2_linux_amd64.zip
+ mv terraform /usr/local/bin
+ terraform version
+ """
}
}
- stage('Clone Config Repo') {
- options {
- timeout(time: 10, unit: "SECONDS")
- }
- steps {
- sh '''
- git clone https://${git_user}:${git_password}@${git_server}/${git_repo}
+ stage('Init Terraform') {
+ steps {
+ withCredentials([sshUserPrivateKey(credentialsId: "aether_jenkins", keyFileVariable: 'keyfile')]) {
+
+ sh """#!/bin/bash
+ set -x
+ mkdir -p ~/.ssh
+ ssh-keyscan -t rsa -p 29418 ${git_server} >> ~/.ssh/known_hosts
+cat <<EOF > ~/.ssh/config
+Host ${git_server}
+ User ${git_user}
+ Hostname ${git_server}
+ Port 29418
+ IdentityFile ${keyfile}
+EOF
+
+ git clone "ssh://${git_server}:29418/${git_repo}"
+ cd ${workspace}/${git_repo}/${terraform_dir}/tost/onos
if [ ! -z ${config_review} ] && [ ! -z ${config_patchset} ]; then
- cd ${git_repo}
- CFG_LAST2=$(echo ${config_review} | tail -c 3)
- git fetch "https://${git_user}:${git_password}@${git_server}/a/${git_repo}" refs/changes/${CFG_LAST2}/${config_review}/${config_patchset} && git checkout FETCH_HEAD
- git checkout FETCH_HEAD
- echo "config.review: ${config_review}" >> deployment-configs/aether/apps/${config_env}/onos-ans.yml
- echo "config.patchset: ${config_patchset}" >> deployment-configs/aether/apps/${config_env}/onos-ans.yml
- cd ..
+ CFG_LAST2=\$(echo ${config_review} | tail -c 3)
+ git fetch "ssh://${git_server}:29418/${git_repo}" refs/changes/\${CFG_LAST2}/${config_review}/${config_patchset} && git checkout FETCH_HEAD
+ cp onos.yaml tmp.yaml
+
+cat <<EOF >> config.yaml
+config:
+ review: ${config_review}
+ patchset: ${config_patchset}
+EOF
+
+ yq merge tmp.yaml config.yaml > onos.yaml
fi
- '''
- }
- }
- stage('Login Rancher') {
- steps {
- sh '''
- rancher login ${rancher_server} --token ${rancher_token} --context ${rancher_context}:${rancher_project}
- '''
- }
- }
- stage('Push Secrets') {
- steps {
- sh '''
-
- rancher namespaces ls | grep ${onos_ns} || rancher namespaces create ${onos_ns}
-
- kubectl -n ${onos_ns} delete secret git-secret --ignore-not-found=true
- kubectl -n ${onos_ns} create secret generic git-secret --from-literal=username=${git_user} --from-literal=password=${git_password}
- kubectl -n ${onos_ns} delete secret aether-registry-credential --ignore-not-found=true
- kubectl -n ${onos_ns} create secret docker-registry aether-registry-credential --docker-server=${registry_server} --docker-username=${registry_user} --docker-password=${registry_password}
-
-
-
- kubectl -n ${onos_ns} delete secret onos-secret --ignore-not-found=true
- kubectl -n ${onos_ns} create secret generic onos-secret --from-literal=username=${onos_user} --from-literal=password=${onos_password}
- '''
+ GOOGLE_BACKEND_CREDENTIALS=${gcp} terraform init
+ """
+ }
}
}
@@ -89,22 +80,24 @@
timeout(time: 90, unit: "SECONDS")
}
steps {
- sh '''
- for app in $(rancher apps ls -q | grep -E '(onos-tost)'); do rancher apps delete $app; done
-
- until [ "$(rancher apps ls -q | grep -E '(onos-tost)')" = "" ]; do echo "wait deleted apps"; rancher apps ls ; sleep 1; done
- '''
+ sh """
+ cd ${workspace}/${git_repo}/${terraform_dir}/tost/onos
+ GOOGLE_BACKEND_CREDENTIALS=${gcp} terraform destroy -var-file=${rancher_dev} -var 'cluster_name=${rancher_cluster}' -var 'project_name=tost' -var-file=app_map.tfvars -auto-approve
+ """
}
}
- stage('Remove PVC') {
+ stage('Remove resources') {
options {
timeout(time: 300, unit: "SECONDS")
}
steps {
- sh '''
- pvcs=$(kubectl -n onos-tost get pvc -lapp=onos-tost-atomix -o name)
- for pv in $pvcs; do kubectl -n onos-tost delete $pv; done
- '''
+ sh """
+ pvcs=\$(kubectl -n onos-tost get pvc -lapp=onos-tost-atomix -o name)
+ for pv in \${pvcs}; do kubectl -n onos-tost delete \${pv}; done
+
+ kubectl -n ${onos_ns} delete secret onos-git-secret || true
+ kubectl -n ${onos_ns} delete secret onos-secret || true
+ """
}
}
stage('Install apps') {
@@ -112,19 +105,29 @@
timeout(time: 600, unit: "SECONDS")
}
steps {
- sh '''
- cd ${git_repo}/deployment-configs/aether/apps/${config_env}/
-
- until rancher apps install --answers onos-ans.yml --namespace ${onos_ns} cattle-global-data:${onos_catalog_name}-onos-tost onos-tost; do :; done
- apps=$(rancher apps -q | grep onos-tost)
- for app in $apps; do until rancher wait $app --timeout 20; do :; done; rancher apps ls; done
- '''
+ sh """
+ cd ${workspace}/${git_repo}/${terraform_dir}/tost/onos
+ GOOGLE_BACKEND_CREDENTIALS=${gcp} terraform apply -var-file=${rancher_dev} -var 'cluster_name=${rancher_cluster}' -var 'project_name=tost' -var-file=app_map.tfvars -auto-approve
+ """
}
}
+ stage('Push Secrets') {
+ steps {
+ sh """
+
+ kubectl -n ${onos_ns} create secret generic onos-git-secret --from-literal=username=${git_user} --from-literal=password=${git_password}
+ kubectl -n ${onos_ns} create secret generic onos-secret --from-literal=username=${onos_user} --from-literal=password=${onos_password}
+ """
+ }
+ }
}
post {
always {
+
+ sh """
+ rm -rf ${workspace}/${git_repo}
+ """
cleanWs()
}
}