#53 [C3i-67] Trigger Ansible Tower deployment jobs
Merged 4 years ago by pbortlov. Opened 4 years ago by pbortlov.
pbortlov/c3i-library tower-prod-deployment  into  master

file modified
+9 -1
@@ -11,12 +11,13 @@ 

  Requirements

  ------------

  

- Integration with pagure.io:

+ #### Integration with pagure.io:

  * Projects have to set 'Fedmsg notifications' in 'Project Options'

  * Projects have to activate 'Hooks' -> 'Fedmsg'

  * OpenShift namespace contains secret defined by `c3i_pagure_api_key_secret`

    - Token permissions: Flag a commit, Comment on a pull-request, Flag a pull-request

  

+ 

  Jenkins master is listening on Fedmsg and UMB.

  

  Secret creation:
@@ -28,6 +29,13 @@ 

  

  Due to pagure.io connection issue it's recommended to set 'SCM checkout retry count' in Jenkins global configuration to 10.

  

+ #### Integration with Ansible tower:

+ * OpenShift namespace contains secret defined by `c3i_tower_secret: tower-promotion-secret`

+ 

+ Secret creation:

+ 

+ ```oc create secret generic tower-promotion-secret --from-literal=USERNAME=<toweruser> --from-literal=PASSWORD=<toweruserpass>```

+ 

  Workflows

  ---------

  ### Pre-merge

@@ -106,3 +106,12 @@ 

  #   3) Build from noop stages is removed.

  #   4) Job is reconfigured with final configuration.

  c3i_trigger_update_only: false

+ 

+ # Ansible tower instance

+ c3i_tower_instance: https://tower.engineering.redhat.com

+ # Ansible template ID

+ c3i_tower_template_id_dev:

+ c3i_tower_template_id_stage:

+ c3i_tower_template_id_prod:

+ # Ansible credentials - USERNAME and PASSWORD

+ c3i_tower_secret: tower-promotion-secret

@@ -223,6 +223,12 @@ 

          }

        }

      }

+     stage('Triggering Tower deployment') {

+       when {

+         expression { env.GIT_REPO_REF == params.GIT_MAIN_BRANCH && params.TOWER_TEMPLATE_ID && params.TOWER_SECRET }

+       }

+       {% include "triggering-tower-steps.groovy" %}

+     }

    }

    post {

      success {

@@ -56,5 +56,12 @@ 

        # CI_MESSAGE and MESSAGE_HEADERS are used internally by JMS messaging plugin

        - name: CI_MESSAGE

        - name: MESSAGE_HEADERS

+       # Tower variables

+       - name: TOWER_INSTANCE

+         value: {{ c3i_tower_instance }}

+       - name: TOWER_TEMPLATE_ID

+         value: "{{ c3i_tower_template_id_dev }}"

+       - name: TOWER_SECRET

+         value: {{ c3i_tower_secret }}

        jenkinsfile: |

          {% filter indent(width=10) %}{% include "templates/build.Jenkinsfile" %}{% endfilter %}

@@ -130,6 +130,12 @@ 

          }

        }

      }

+     stage('Triggering Tower deployment') {

+       when {

+         expression { env.ALLOW_DEPLOYMENT && params.TOWER_TEMPLATE_ID && params.TOWER_SECRET }

+       }

+       {% include "triggering-tower-steps.groovy" %}

+     }

    }

    {% endif %}

  

@@ -46,5 +46,12 @@ 

        # CI_MESSAGE and MESSAGE_HEADERS are used internally by JMS messaging plugin

        - name: CI_MESSAGE

        - name: MESSAGE_HEADERS

+         value:

+       - name: TOWER_INSTANCE

+         value: {{ c3i_tower_instance }}

+       - name: TOWER_TEMPLATE_ID

+         value: "{{ job_vars.tower_template_id }}"

+       - name: TOWER_SECRET

+         value: {{ c3i_tower_secret }}

        jenkinsfile: |

          {% filter indent(width=10) %}{% include "templates/greenwave-promote.Jenkinsfile" %}{% endfilter %}

@@ -6,3 +6,4 @@ 

  promoting_destination_prefix: "{{ c3i_quay_address }}/{{ c3i_quay_namespace }}"

  source_container_repo_prefix: "{{ c3i_quay_address }}/{{ c3i_quay_namespace }}"

  semaphore_check: True

+ tower_template_id: "{{ c3i_tower_template_id_prod }}"

@@ -6,3 +6,4 @@ 

  promoting_destination_prefix: "{{ c3i_quay_address }}/{{ c3i_quay_namespace }}"

  source_container_repo_prefix: "{{ c3i_quay_address }}/{{ c3i_quay_namespace }}"

  semaphore_check: False

+ tower_template_id: "{{ c3i_tower_template_id_stage }}"

@@ -0,0 +1,43 @@ 

+ steps {

+   script {

+     echo "Curl ${params.TOWER_INSTANCE}/api/v2/job_templates/${params.TOWER_TEMPLATE_ID}/launch/"

+     openshift.withCluster() {

+       if ( openshift.selector('secret', params.TOWER_SECRET).exists() ) {

+         def towerSecretData = openshift.selector('secret', params.TOWER_SECRET).object().data

+         if ( !towerSecretData.containsKey("USERNAME") || !towerSecretData.containsKey("PASSWORD") ) {

+           error("There is not USERNAME or PASSWORD in ${params.TOWER_SECRET}")

+         }

+         def towerUser = new String(towerSecretData.USERNAME.decodeBase64())

+         def towerPassword = new String(towerSecretData.PASSWORD.decodeBase64())

+ 

+         def launchUrl = "${params.TOWER_INSTANCE}/api/v2/job_templates/${params.TOWER_TEMPLATE_ID}/launch/"

+         echo "curl -X POST -u ${towerUser}:***** ${launchUrl}"

+         def launchOut = sh script: "set +x; curl -k -X POST -u ${towerUser}:${towerPassword} ${launchUrl}", returnStdout: true

+         def launchOutJson

+         try {

+           launchOutJson = readJSON text: launchOut

+         } catch (Exception e) {

+           error("Unable parse output: ${launchOut}")

+         }

+         if (!launchOutJson.containsKey("created")){

+           error("Job was not created from template: ${launchOut}")

+         }

+         def finished = launchOutJson.finished

+         def jobUrl = "${params.TOWER_INSTANCE}${launchOutJson.url}"

+         def jobOutJson

+         while(finished == "null"){

+           sh "set +x; sleep 5; echo 'checking state of ${launchOutJson.id} job'"

+           def jobOut = sh script: "set +x; curl -k -u ${towerUser}:${towerPassword} ${jobUrl}", returnStdout: true

+           jobOutJson = readJSON text: jobOut

+           finished = jobOutJson.finished

+         }

+         if (jobOutJson.failed) {

+           error("Tower job ${params.TOWER_INSTANCE}/#/jobs/playbook/${jobOutJson.id} execution failed")

+         }

+         echo "Job ${params.TOWER_INSTANCE}/#/jobs/playbook/${jobOutJson.id} execution passed"

+       } else {

+         error("Secret ${params.TOWER_SECRET} doesn't exist")

+       }

+     }

+   }

+ }

@@ -141,9 +141,11 @@ 

        steps {

          script {

            openshift.withCluster() {

-             factorySecret = openshift.selector('secret', 'factory2-c3i-verification-secret').object(exportable:true)

-             openshift.withProject(env.PIPELINE_ID) {

-               openshift.create(factorySecret)

+             ['factory2-c3i-verification-secret', 'tower-promotion-secret'].each {

+               def secret = openshift.selector('secret', it).object(exportable:true)

+               openshift.withProject(env.PIPELINE_ID) {

+                 openshift.create(secret)

+               }

              }

            }

          }

@@ -2,6 +2,9 @@ 

  c3i_build_and_test_snippet: snippets/build-and-test.groovy

  c3i_integration_test_snippet: snippets/full-integration-test.groovy

  

+ c3i_tower_template_id_stage: 1197

+ c3i_tower_template_id_dev: 1197

+ 

  c3i_mail_address:

  

  c3i_lib_url:

WIP: the deploying to tower is not done yet

1 new commit added

  • Change variables and add deployment to the stage
4 years ago

2 new commits added

  • Change variables and add deployment to the stage
  • Add Tower variables
4 years ago

1 new commit added

  • Change curl method to POST
4 years ago

1 new commit added

  • Change tower instance variable and add dev template id variable
4 years ago

Use env.TOWER_INSTANCE and env.TOWER_TEMPLATE_ID

1 new commit added

  • Change prmotion varibales
4 years ago

5 new commits added

  • Change promotion variables
  • Change tower instance variable and add dev template id variable
  • Change curl method to POST
  • Change variables and add deployment to the stage
  • Add Tower variables
4 years ago

Build d408e057b9a89043f74662a1e8a9104df932b8b0 FAILED!
Rebase or make new commits to rebuild.

rebased onto c2607a07d05e260778c557a47755aea1e101caff

4 years ago

rebased onto 97e90b6bb1c771727371c8622e4c225a8018d7e4

4 years ago

rebased onto 08b188e7e1253bd8202351a06e4ad7ebbbfe00ca

4 years ago

Build 08b188e7e1253bd8202351a06e4ad7ebbbfe00ca FAILED!
Rebase or make new commits to rebuild.

rebased onto 8c7220b5c1b0807ff3deaf6ef695718eed630037

4 years ago

rebased onto 6b9f3735a735d6fc32f10b23f1d0813876d5ec1e

4 years ago

rebased onto c0f9fa44f98c421a4c8626d563830f0262527b9b

4 years ago

Build 6b9f3735a735d6fc32f10b23f1d0813876d5ec1e FAILED!
Rebase or make new commits to rebuild.

rebased onto b9fbae3b904178df589065b0cde27efdf6ec2899

4 years ago

rebased onto 00bab18e47e82420602013eed6e6aea6d1e2f835

4 years ago

rebased onto 206aa3af4a692baecbec22d4b18b770beb070e26

4 years ago

rebased onto fe9c8dd3fbe41eba1abeaccd58f5f8d9f336d4f4

4 years ago

Build 206aa3af4a692baecbec22d4b18b770beb070e26 FAILED!
Rebase or make new commits to rebuild.

rebased onto a85a1c56e04144337fcd7a002b524ad55e038f24

4 years ago

Build fe9c8dd3fbe41eba1abeaccd58f5f8d9f336d4f4 FAILED!
Rebase or make new commits to rebuild.

check first that USERNAME is in dict, otherwise fail:
https://www.tutorialspoint.com/groovy/groovy_containskey.htm
towerSecretData.containsKey("USERNAME")

rebased onto b3982d8caf48a4bb328f07a33a0f016a10f766f6

4 years ago

rebased onto 66a03315b17da29bfd0469a9c4e60a2629bff4de

4 years ago

Build 66a03315b17da29bfd0469a9c4e60a2629bff4de FAILED!
Rebase or make new commits to rebuild.

I reran the job and everything ok.

rebased onto b94b54b5746149986355e5f7cda99eb60cc97b1b

4 years ago

Build b94b54b5746149986355e5f7cda99eb60cc97b1b FAILED!
Rebase or make new commits to rebuild.

rebased onto 2c45224c10c04474dbc110ee314b1b3fe4190bbc

4 years ago

Build 2c45224c10c04474dbc110ee314b1b3fe4190bbc FAILED!
Rebase or make new commits to rebuild.

rebased onto 888b981a82a34d8dbe2417919eab84d77d858d24

4 years ago

rebased onto b9e169b981fcdc8b8621d2fcb92c23720dabe78e

4 years ago

rebased onto dcf92ec

4 years ago

Build dcf92ec FAILED!
Rebase or make new commits to rebuild.

Build dcf92ec FAILED!
Rebase or make new commits to rebuild.

Pull-Request has been merged by pbortlov

4 years ago
Metadata