Newer
Older
CAMPUS_IP: 138.26.48.47
CHEAHA_IP: 172.20.10.9
TEST_IP: 138.26.49.134
AWS_DEFAULT_REGION: "bhm"
AWS_HOST: "s3.lts.rc.uab.edu"
OS_AUTH_TYPE: "v3applicationcredential"
OS_AUTH_URL: "https://keystone.cloud.rc.uab.edu:5000/v3"
OS_IDENTITY_API_VERSION: "3"
OS_INTERFACE: "public"
OS_REGION_NAME: "bhm1"
PKR_VAR_flavor: "m1.small"
PKR_VAR_source_image: "CentOS-7-x86_64-GenericCloud-2009"
PKR_VAR_floating_ip_network: "uab-campus"
PKR_VAR_security_groups: '["allow-ssh"]'
PKR_VAR_networks: '["ec11e2be-8fac-46cf-8fa2-9dffb74ba5df"]'
GIT_AUTHOR_NAME: "Gitlab runner"
GIT_AUTHOR_EMAIL: "gitlab@runner"
PKR_VAR_root_ssh_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAFqqWgmYpEaGtHBeTu27ntVJpYjwq/x5aBefrvfhk8Z9lE3cuZ26vJ9n/9tGE4Zn2Pew1mpZgi6PzfJ3vMt8yA= root@master"
DEV_KEY: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpncAcYosVHt7HsUcE2XOYDuCi4HQnmFJv279LOcpZgXtZ6o0BM1fe5FgJS0X1ohBXQUFRuYJuJSW/GSmC1K8T+wCrKjZLJdMbqrubHV27diUZfdoVkoJy1vcAQF5nEcoTC7MpAFbBomdn2rsrpgQe8DGiURV7+soqybXV1OsIR3FFf6npnUaskHYT/oVtG9eBOnscyBxoVgbxzlmyoBLXED/sHKFw4nQSF/glYKEFiDu6TRTsBBEGvv23Qo/66QpQiFJ6TNfApNiyY9L1X+Dy8EWU6lozmNgwGDjXQ70Lr6xHnA0QGVALJlHXa6QjpgtpC5Nefsdvtf1hpfFo2VutpbSB+aq9jk3gWNN+XkhrWN5PiwP7YYJNw/WozyfL+IhwjfHZGxkuws+wGR6ZKxlX9W9Vrsq9ncYNKuhy2SdsR6s2XECQtrEQ6ZlX5jRt6Yh5M9ls5fMsWEqknDPmr1Ui6wV7NxprYngo9fLSdYO/ETIO3S6PB0aEHOZOyGitGaM06EmNpvjQn/QkkaVgt/O8wKL1o1AVzXhDMAFvtG6ejppV6kuTUHXFgSGZF6N9fnP91HuytyzC09F+NMWcmnRdrgXlHapjuuL3zzi+XLCQvk8+aYTzBKx1nU2FPMDRZ9sInGmqdTuM002E7qVbaCy4OxcWaAS/L2UVhGnHr+egYw== louistw@uab.edu"
workflow:
rules:
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
image: $CI_REGISTRY_IMAGE:latest
- |
if [ ! -d $CI_PROJECT_DIR/CRI_XCBC ]; then
git clone https://github.com/uabrc/CRI_XCBC.git
cd CRI_XCBC
git remote add upstream https://github.com/jprorama/CRI_XCBC.git
cd ..
fi
- cd CRI_XCBC
- git config user.name "${GIT_AUTHOR_NAME}"
- git config user.email "${GIT_AUTHOR_EMAIL}"
- git fetch --all
- git fetch origin '+refs/pull/*/head:refs/remotes/origin/pr/*'
- git fetch upstream '+refs/pull/*/head:refs/remotes/upstream/pr/*'
- git checkout uab-prod
- git merge origin/uab-prod
- git checkout -b integration
- git merge upstream/dev
- export CRI_XCBC_HEAD=$(git rev-parse --short HEAD)
- export CRI_XCBC_dev=$(git rev-parse --short upstream/dev)
- export CRI_XCBC_prod=$(git rev-parse --short origin/uab-prod)
- export PACKER_IMAGE_HEAD=$(git rev-parse --short HEAD)
- export BUILD_DATE=$(TZ=America/Chicago date +%Y%m%d)
- echo CRI_XCBC_HEAD=${CRI_XCBC_HEAD} | tee -a $CI_PROJECT_DIR/image.env
- echo CRI_XCBC_dev=${CRI_XCBC_dev} | tee -a $CI_PROJECT_DIR/image.env
- echo CRI_XCBC_prod=${CRI_XCBC_prod} | tee -a $CI_PROJECT_DIR/image.env
- echo PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} | tee -a $CI_PROJECT_DIR/image.env
- echo BUILD_DATE=${BUILD_DATE} | tee -a $CI_PROJECT_DIR/image.env
- >
curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}"
"${CI_API_V4_URL}/projects/2836/repository/files/knightly/raw?ref=main"
-o CRI_XCBC/group_vars/knightly
- s3cmd get --force -r --host=$AWS_HOST --host-bucket=$AWS_HOST s3://cheaha-cloud-ansible-files/ ansible/files/
- 'sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/knightly'
- 'sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/knightly'
- packer validate openstack-ood
- |
if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then
PKR_VAR_image_name="ood-PR-${CI_MERGE_REQUEST_ID}"
echo OOD_INSTANCE_NAME="ood-PR-${CI_MERGE_REQUEST_ID}" | tee -a $CI_PROJECT_DIR/image.env
elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then
PKR_VAR_image_name="ood-${BUILD_DATE}"
echo OOD_INSTANCE_NAME="ood-knightly" | tee -a $CI_PROJECT_DIR/image.env
- >
PKR_VAR_build_instance_name="ood-${CRI_XCBC_HEAD}"
packer build -machine-readable openstack-ood | tee ood_build.log
- export BUILT_OOD_IMAGE_ID=$(grep 'Image:' ood_build.log | awk '{print $4}')
- echo BUILT_OOD_IMAGE_ID=${BUILT_OOD_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env
- openstack image set --property CRI_XCBC_prod=${CRI_XCBC_prod} --property CRI_XCBC_dev=${CRI_XCBC_dev} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_OOD_IMAGE_ID}
artifacts:
reports:
dotenv: image.env
image: $CI_REGISTRY_IMAGE:latest
environment:
name: knightly
tags:
- build
script:
- OLD_INSTANCE_IP=$(openstack floating ip list --floating-ip-address $CHEAHA_IP -c "Fixed IP Address" -f value)
- echo $OLD_INSTANCE_IP
- |
if [ ! -z $OLD_INSTANCE_IP ]; then
export OLD_INSTANCE_ID=$(openstack server list --name $OOD_INSTANCE_NAME --ip $OLD_INSTANCE_IP -c ID -f value)
- echo OLD_INSTANCE_ID=$OLD_INSTANCE_ID | tee -a instance.env
- |
cat > user_data.txt << OEOF
#!/bin/bash
cat > /etc/resolv.conf << EOF
search openstack.internal cm.cluster rc.uab.edu ib.cluster drac.cluster eth.cluster ib-hdr.cluster
nameserver 172.20.0.25
EOF
echo "$DEV_KEY" >> /root/.ssh/authorized_keys
ip route replace default via 10.250.0.3 dev eth0
ip route add 172.20.0.0/16 via 10.250.0.1 dev eth0
mkdir -p /run/shibboleth
chown shibd:shibd /run/shibboleth
pip3 install s3cmd
s3cmd get --force -r --access_key=$AWS_ACCESS_KEY_ID --secret_key=$AWS_SECRET_ACCESS_KEY --host=$AWS_HOST --host-bucket=$AWS_HOST s3://knightly-key/ /etc/ssh/
export NEW_INSTANCE_ID=$(openstack server create
-c id -f value --image $BUILT_OOD_IMAGE_ID
--network openstack-cheaha-internal
--security-group ood-https-ports
--security-group allow-ssh
--user-data user_data.txt
--flavor m1.medium
- echo NEW_INSTANCE_ID=$NEW_INSTANCE_ID | tee -a instance.env
- openstack server add floating ip $NEW_INSTANCE_ID $TEST_IP
curl --retry 10 --retry-delay 20 --retry-connrefused https://knightly.rc.uab.edu/Shibboleth.sso/Metadata --resolve knightly.rc.uab.edu:443:$TEST_IP -kf
|| (openstack server delete $NEW_INSTANCE_ID && openstack image delete $BUILT_OOD_IMAGE_ID && false)
- |
if [ $CI_PIPELINE_SOURCE = "schedule" ]; then
openstack server remove floating ip $NEW_INSTANCE_ID $TEST_IP
else
openstack server delete $NEW_INSTANCE_ID
openstack image delete $BUILT_OOD_IMAGE_ID
fi
artifacts:
reports:
dotenv: instance.env
deploy_knightly:
image: $CI_REGISTRY_IMAGE:latest
stage: deploy
environment:
name: knightly
tags:
- build
script:
- |
if [ ! -z $OLD_INSTANCE_ID ]; then
openstack server remove floating ip $OLD_INSTANCE_ID $CAMPUS_IP
openstack server remove floating ip $OLD_INSTANCE_ID $CHEAHA_IP
fi
- |
if [ ! -z $NEW_INSTANCE_ID ]; then
openstack server add floating ip $NEW_INSTANCE_ID $CAMPUS_IP
openstack server add floating ip $NEW_INSTANCE_ID $CHEAHA_IP
fi
SERVER_TO_BE_DELETE=($(openstack server list --name $OOD_INSTANCE_NAME --sort-column Image --sort-descending -f value -c ID | sed -n $(($NUM_SERVER_TO_KEEP+1))',$p'))
IMAGE_TO_BE_DELETE=($(openstack image list --sort-column Name --sort-descending -f value -c Name | grep -P '^ood-\d{8}$' | sed -n $(($NUM_IMAGE_TO_KEEP+1))',$p'))
for svr in ${SERVER_TO_BE_DELETE[@]}; do
for img in ${IMAGE_TO_BE_DELETE[@]}; do