Newer
Older
CAMPUS_IP: 138.26.48.47
CHEAHA_IP: 172.20.10.9
TEST_IP: 138.26.49.134
AWS_DEFAULT_REGION: "bhm"
AWS_HOST: "s3.lts.rc.uab.edu"
OS_AUTH_TYPE: "v3applicationcredential"
OS_AUTH_URL: "https://keystone.cloud.rc.uab.edu:5000/v3"
OS_IDENTITY_API_VERSION: "3"
OS_INTERFACE: "public"
OS_REGION_NAME: "bhm1"
PKR_VAR_source_image: "CentOS-7-x86_64-GenericCloud-2009"
PKR_VAR_floating_ip_network: "uab-campus"
PKR_VAR_security_groups: '["allow-ssh"]'
PKR_VAR_networks: '["8cf2f12e-905d-46d9-bc70-b0897c65f75a"]'
PKR_VAR_image_membership: '["cf6fa1e53d4c40a49f4e0e469c440359"]'
GIT_AUTHOR_NAME: "Gitlab runner"
GIT_AUTHOR_EMAIL: "gitlab@runner"
TIMESTAMP_REGEXP: '[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{6}'
PKR_VAR_root_ssh_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAFqqWgmYpEaGtHBeTu27ntVJpYjwq/x5aBefrvfhk8Z9lE3cuZ26vJ9n/9tGE4Zn2Pew1mpZgi6PzfJ3vMt8yA= root@master"
DEV_KEY: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpncAcYosVHt7HsUcE2XOYDuCi4HQnmFJv279LOcpZgXtZ6o0BM1fe5FgJS0X1ohBXQUFRuYJuJSW/GSmC1K8T+wCrKjZLJdMbqrubHV27diUZfdoVkoJy1vcAQF5nEcoTC7MpAFbBomdn2rsrpgQe8DGiURV7+soqybXV1OsIR3FFf6npnUaskHYT/oVtG9eBOnscyBxoVgbxzlmyoBLXED/sHKFw4nQSF/glYKEFiDu6TRTsBBEGvv23Qo/66QpQiFJ6TNfApNiyY9L1X+Dy8EWU6lozmNgwGDjXQ70Lr6xHnA0QGVALJlHXa6QjpgtpC5Nefsdvtf1hpfFo2VutpbSB+aq9jk3gWNN+XkhrWN5PiwP7YYJNw/WozyfL+IhwjfHZGxkuws+wGR6ZKxlX9W9Vrsq9ncYNKuhy2SdsR6s2XECQtrEQ6ZlX5jRt6Yh5M9ls5fMsWEqknDPmr1Ui6wV7NxprYngo9fLSdYO/ETIO3S6PB0aEHOZOyGitGaM06EmNpvjQn/QkkaVgt/O8wKL1o1AVzXhDMAFvtG6ejppV6kuTUHXFgSGZF6N9fnP91HuytyzC09F+NMWcmnRdrgXlHapjuuL3zzi+XLCQvk8+aYTzBKx1nU2FPMDRZ9sInGmqdTuM002E7qVbaCy4OxcWaAS/L2UVhGnHr+egYw== louistw@uab.edu"
workflow:
rules:
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
- export BUILD_DATE=$(TZ=America/Chicago date +%Y-%m-%dT%H%M%S)
- |
if [ ! -d $CI_PROJECT_DIR/CRI_XCBC ]; then
git clone https://github.com/uabrc/CRI_XCBC.git
cd CRI_XCBC
git remote add upstream https://github.com/jprorama/CRI_XCBC.git
cd ..
fi
- cd CRI_XCBC
- git config user.name "${GIT_AUTHOR_NAME}"
- git config user.email "${GIT_AUTHOR_EMAIL}"
- git fetch origin uab-prod
- git fetch upstream dev
- git checkout uab-prod
- git merge origin/uab-prod
- git checkout -b integration
- git merge upstream/dev
- export CRI_XCBC_HEAD=$(git rev-parse --short HEAD)
- export CRI_XCBC_dev=$(git rev-parse --short upstream/dev)
- export CRI_XCBC_prod=$(git rev-parse --short origin/uab-prod)
- cd ..
- export PACKER_IMAGE_HEAD=$(git rev-parse --short HEAD)
- echo CRI_XCBC_HEAD=${CRI_XCBC_HEAD} | tee -a $CI_PROJECT_DIR/image.env
- echo CRI_XCBC_dev=${CRI_XCBC_dev} | tee -a $CI_PROJECT_DIR/image.env
- echo CRI_XCBC_prod=${CRI_XCBC_prod} | tee -a $CI_PROJECT_DIR/image.env
- echo PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} | tee -a $CI_PROJECT_DIR/image.env
.get_ansible_files: &get_ansible_files
- s3cmd get --force -r --host=$AWS_HOST --host-bucket=$AWS_HOST s3://cheaha-cloud-ansible-files/ ansible/files/
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
script:
- docker build -t $CI_REGISTRY_IMAGE:$BUILD_DATE -t $CI_REGISTRY_IMAGE:latest .
- >
docker run --rm $CI_REGISTRY_IMAGE bash -c
'ansible --version &&
openstack --version &&
packer version &&
- docker push --all-tags $CI_REGISTRY_IMAGE
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
changes:
- Dockerfile
allow_failure: true
if [ -n "${BUILT_BASE_IMAGE_ID}" ]; then
exit 0
fi
- *update_ansible_repo
- *get_ansible_files
- export REPO_HEAD=$(git rev-parse --short HEAD)
- export PKR_VAR_flavor="${BASE_BUILD_FLAVOR:-$PKR_VAR_flavor}"
- export PKR_VAR_build_instance_name="base-${REPO_HEAD}"
- export PKR_VAR_image_date_suffix=false
- |
if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then
export PKR_VAR_image_name="base-PR-${CI_MERGE_REQUEST_IID}"
elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then
export PKR_VAR_image_name="base-${BUILD_DATE}"
fi
- packer validate openstack
- packer build -machine-readable openstack | tee base_build.log
- export BUILT_BASE_IMAGE_ID=$(grep 'Image:' base_build.log | awk '{print $4}')
- echo BUILT_BASE_IMAGE_ID=${BUILT_BASE_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env
- openstack image unset --property signature_verified $BUILT_BASE_IMAGE_ID
build_compute_image:
stage: build
needs: [build_base_image]
tags:
- build
script:
- export PKR_VAR_source_image=${BUILT_BASE_IMAGE_ID}
- export REPO_HEAD=$(git rev-parse --short HEAD)
- export PKR_VAR_flavor="${COMPUTE_BUILD_FLAVOR:-$PKR_VAR_flavor}"
- export PKR_VAR_build_instance_name="compute-${REPO_HEAD}"
- export PKR_VAR_image_date_suffix=false
- |
if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then
export PKR_VAR_image_name="compute-PR-${CI_MERGE_REQUEST_IID}"
elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then
export PKR_VAR_image_name="compute-${BUILD_DATE}"
fi
- packer validate openstack-compute
- packer build -machine-readable openstack-compute | tee compute_build.log
build_gpu_image:
stage: build
needs: [build_base_image]
tags:
- build
script:
- export GPU_PLACEHOLDER_NAME="gpu1-placeholder"
- export GPU_PLACEHOLDER_FLAVOR="gpu1.medium"
- export GPU_PLACEHOLDER_IMAGE="CentOS-7-x86_64-GenericCloud-2009"
- export PKR_VAR_source_image=${BUILT_BASE_IMAGE_ID}
- export REPO_HEAD=$(git rev-parse --short HEAD)
- export PKR_VAR_flavor="${GPU_BUILD_FLAVOR:-gpu1.medium}"
- export PKR_VAR_build_instance_name="gpu-${REPO_HEAD}"
- export PKR_VAR_image_date_suffix=false
- |
if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then
export PKR_VAR_image_name="gpu-PR-${CI_MERGE_REQUEST_IID}"
elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then
export PKR_VAR_image_name="gpu-${BUILD_DATE}"
- openstack server delete --wait $GPU_PLACEHOLDER_NAME
- packer build -machine-readable openstack-gpu | tee gpu_build.log || FAILED=true
- openstack server create --image $GPU_PLACEHOLDER_IMAGE --network cicd-net --flavor $GPU_PLACEHOLDER_FLAVOR $GPU_PLACEHOLDER_NAME
- |
if [ "$FAILED" = true ]; then
exit 1
fi
rules:
- if: $SKIP_GPU_BUILD == "true"
when: never
- >
curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}"
"${CI_API_V4_URL}/projects/2836/repository/files/knightly/raw?ref=main"
-o CRI_XCBC/group_vars/knightly
- 'sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/knightly'
- 'sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/knightly'
- 'sed -i -E "s/(user_register_app_key: ).*/\1\"${SELF_REG_APP_KEY}\"/" CRI_XCBC/group_vars/knightly'
- 'sed -i -E "s/(celery_user_password: ).*/\1\"${CELERY_PASSWD}\"/" CRI_XCBC/group_vars/knightly'
- 'sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup(''file'', ''${SSH_PUB_KEY}'') }}\"|" CRI_XCBC/group_vars/knightly'
- export PKR_VAR_flavor="${OOD_BUILD_FLAVOR:-$PKR_VAR_flavor}"
- packer validate openstack-ood
- |
if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then
export PKR_VAR_image_name="ood-PR-${CI_MERGE_REQUEST_IID}"
echo INSTANCE_FLAVOR="${PKR_VAR_flavor}" | tee -a $CI_PROJECT_DIR/image.env
echo OOD_INSTANCE_NAME="ood-PR-${CI_MERGE_REQUEST_IID}" | tee -a $CI_PROJECT_DIR/image.env
export FLOATING_IP=$(openstack floating ip create uab-campus -f value -c floating_ip_address)
echo FLOATING_IP=$FLOATING_IP | tee -a $CI_PROJECT_DIR/image.env
sed -i -E "s/(ood_servername: ).*/\1\"$CI_COMMIT_REF_SLUG.$FLOATING_IP.nip.io\"/" CRI_XCBC/group_vars/knightly
elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then
export PKR_VAR_image_name="ood-${BUILD_DATE}"
echo INSTANCE_FLAVOR="${OOD_INSTANCE_FLAVOR:-cpu16-64g}" | tee -a $CI_PROJECT_DIR/image.env
echo OOD_INSTANCE_NAME="ood-knightly" | tee -a $CI_PROJECT_DIR/image.env
echo FLOATING_IP=$TEST_IP | tee -a $CI_PROJECT_DIR/image.env
- >
PKR_VAR_build_instance_name="ood-${CRI_XCBC_HEAD}"
PKR_VAR_image_date_suffix=false
packer build -machine-readable openstack-ood | tee ood_build.log
- export BUILT_OOD_IMAGE_ID=$(grep 'Image:' ood_build.log | awk '{print $4}')
- echo BUILT_OOD_IMAGE_ID=${BUILT_OOD_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env
- openstack image set --property CRI_XCBC_prod=${CRI_XCBC_prod} --property CRI_XCBC_dev=${CRI_XCBC_dev} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_OOD_IMAGE_ID}
artifacts:
reports:
dotenv: image.env
environment:
name: knightly
tags:
- build
script:
- openstack image set --accept $BUILT_OOD_IMAGE_ID
- |
eval $(ssh-agent -s)
chmod 400 "$SSH_PRIV_KEY"
ssh-add "$SSH_PRIV_KEY"
mkdir ~/.ssh
chmod 700 ~/.ssh
- OLD_INSTANCE_IP=$(openstack floating ip list --floating-ip-address $CHEAHA_IP -c "Fixed IP Address" -f value)
- echo $OLD_INSTANCE_IP
- |
if [ ! -z $OLD_INSTANCE_IP ]; then
export OLD_INSTANCE_ID=$(openstack server list --name $OOD_INSTANCE_NAME --ip $OLD_INSTANCE_IP -c ID -f value)
- echo OLD_INSTANCE_ID=$OLD_INSTANCE_ID | tee -a instance.env
cat > /etc/resolv.conf << EOF
search openstack.internal cm.cluster rc.uab.edu ib.cluster drac.cluster eth.cluster ib-hdr.cluster
nameserver 172.20.0.25
EOF
echo "$DEV_KEY" >> /root/.ssh/authorized_keys
mkdir -p /run/shibboleth
chown shibd:shibd /run/shibboleth
echo "Downloading hostkey via s3cmd: $(date)"
s3cmd get --force -r --access_key=$AWS_ACCESS_KEY_ID --secret_key=$AWS_SECRET_ACCESS_KEY --host=$AWS_HOST --host-bucket=$AWS_HOST s3://knightly-key/ /etc/ssh/
export NEW_INSTANCE_ID=$(openstack server create
--security-group allow-ssh
--user-data user_data.txt
- echo NEW_INSTANCE_ID=$NEW_INSTANCE_ID | tee -a instance.env
- openstack server add floating ip $NEW_INSTANCE_ID $FLOATING_IP
curl --retry 10 --retry-delay 20 --retry-connrefused https://knightly.rc.uab.edu/Shibboleth.sso/Metadata --resolve knightly.rc.uab.edu:443:$FLOATING_IP -kf
cp "$SSH_KNOWN_HOSTS" ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
until ssh acctsvc@$FLOATING_IP hostname; do sleep 5; done
ssh acctsvc@$FLOATING_IP '[ $(mount | grep "etc/auto" | wc -l) -eq 6 ]' || FAILED=true
if [ "${DELETE_WHEN_FAILED-true}" = true ]; then
openstack server delete $NEW_INSTANCE_ID
echo "DELETE_BUILT_IMAGE=true" | tee -a instance.env
- openstack server remove floating ip $NEW_INSTANCE_ID $FLOATING_IP
artifacts:
reports:
dotenv: instance.env
rules:
- if: $CI_PIPELINE_SOURCE == "schedule"
when: always
test_ood_image_mr:
stage: test
needs: [build_ood_image]
tags:
- build
script:
- export OOD_INSTANCE_NETWORK="cicd-net"
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
- FAILED=false
- |
eval $(ssh-agent -s)
chmod 400 "$SSH_PRIV_KEY"
ssh-add "$SSH_PRIV_KEY"
mkdir ~/.ssh
chmod 700 ~/.ssh
- |
cat > user_data.txt << OEOF
#!/bin/bash
cat > /etc/resolv.conf << EOF
search openstack.internal cm.cluster rc.uab.edu ib.cluster drac.cluster eth.cluster ib-hdr.cluster
nameserver 172.20.0.25
EOF
echo "$DEV_KEY" >> /root/.ssh/authorized_keys
mkdir -p /run/shibboleth
chown shibd:shibd /run/shibboleth
OEOF
- >
export NEW_INSTANCE_ID=$(openstack server create
-c id -f value --image $BUILT_OOD_IMAGE_ID
--network $OOD_INSTANCE_NETWORK
--security-group ood-https-ports
--security-group allow-ssh
--user-data user_data.txt
--flavor $INSTANCE_FLAVOR
--wait
$OOD_INSTANCE_NAME)
- echo NEW_INSTANCE_ID=$NEW_INSTANCE_ID | tee -a instance.env
- openstack server add floating ip $NEW_INSTANCE_ID $FLOATING_IP
- >
curl --retry 10 --retry-delay 20 --retry-connrefused https://knightly.rc.uab.edu/Shibboleth.sso/Metadata --resolve knightly.rc.uab.edu:443:$FLOATING_IP -kf
|| FAILED=true
- ssh -o StrictHostKeyChecking=no acctsvc@$FLOATING_IP '[ $(mount | grep "etc/auto" | wc -l) -eq 6 ]' || FAILED=true
- |
if [ "$FAILED" = true ]; then
if [ "${DELETE_WHEN_FAILED-true}" = true ]; then
openstack server delete $NEW_INSTANCE_ID
openstack image delete $BUILT_OOD_IMAGE_ID
fi
false
fi
artifacts:
reports:
dotenv: instance.env
rules:
- if: $CI_MERGE_REQUEST_ID
deploy_review:
stage: deploy
script:
- echo "Deploy Review App"
environment:
name: review/$CI_COMMIT_REF_SLUG
url: https://$CI_COMMIT_REF_SLUG.$FLOATING_IP.nip.io
on_stop: stop_review
tags:
- build
rules:
- if: $CI_MERGE_REQUEST_ID
stop_review:
stage: deploy
script:
- openstack server delete $NEW_INSTANCE_ID
- openstack image delete $BUILT_OOD_IMAGE_ID
- openstack floating ip delete $FLOATING_IP
environment:
name: review/$CI_COMMIT_REF_SLUG
action: stop
rules:
- if: $CI_MERGE_REQUEST_ID
when: manual
deploy_knightly:
stage: deploy
environment:
name: knightly
tags:
- build
script:
- |
if [ ! -z $OLD_INSTANCE_ID ]; then
openstack server remove floating ip $OLD_INSTANCE_ID $CAMPUS_IP
openstack server remove floating ip $OLD_INSTANCE_ID $CHEAHA_IP
fi
- |
if [ ! -z $NEW_INSTANCE_ID ]; then
openstack server add floating ip $NEW_INSTANCE_ID $CAMPUS_IP
openstack server add floating ip $NEW_INSTANCE_ID $CHEAHA_IP
fi
deploy_cheaha:
stage: deploy
environment:
name: cheaha
tags:
- build
script:
- echo "Job placeholder to deploy to Cheaha"
when: manual
only:
- main
environment:
name: knightly
- >
SERVER_TO_BE_DELETE=($(openstack server list --name $OOD_INSTANCE_NAME --sort-column Image --sort-descending -f value -c ID
| awk -v NSTK=$NUM_SERVER_TO_KEEP -v OID=$OLD_INSTANCE_ID '$0 != OID {count++}
- |
for svr in ${SERVER_TO_BE_DELETE[@]}; do
openstack server delete ${svr}
done
rules:
- if: $CI_PIPELINE_SOURCE == "schedule"
when: always
cleanup_integration:
stage: cleanup
tags:
- build
script:
- OS_PROJECT_ID=$(openstack application credential show $OS_APPLICATION_CREDENTIAL_ID -f value -c project_id)
- openstack image list --sort-column Name --sort-descending -f value -c Name -c ID --property owner=$OS_PROJECT_ID > images.txt
- |
if [ "${DELETE_BUILT_IMAGE-false}" = true ]; then
openstack image delete $BUILT_OOD_IMAGE_ID
fi
| awk -v NITK=$NUM_IMAGE_TO_KEEP -v REGEX=ood-$TIMESTAMP_REGEX
'{if ($0 ~ REGEX) result[count++] = $1}
END {for(i=NITK;i<count;i++) print result[i]}'))
- >
BASE_IMAGE_TO_BE_DELETE=($(cat images.txt
| awk -v NITK=$NUM_IMAGE_TO_KEEP -v REGEX=base-$TIMESTAMP_REGEX
'{if ($0 ~ REGEX) result[count++] = $1}
END {for(i=NITK;i<count;i++) print result[i]}'))
- >
COMPUTE_IMAGE_TO_BE_DELETE=($(cat images.txt
| awk -v NITK=$NUM_IMAGE_TO_KEEP -v REGEX=compute-$TIMESTAMP_REGEX
'{if ($0 ~ REGEX) result[count++] = $1}
END {for(i=NITK;i<count;i++) print result[i]}'))
- >
GPU_IMAGE_TO_BE_DELETE=($(cat images.txt
| awk -v NITK=$NUM_IMAGE_TO_KEEP -v REGEX=gpu-$TIMESTAMP_REGEX
'{if ($0 ~ REGEX) result[count++] = $1}
END {for(i=NITK;i<count;i++) print result[i]}'))
for img in ${OOD_IMAGE_TO_BE_DELETE[@]}; do
openstack image delete ${img}
done
- |
for img in ${BASE_IMAGE_TO_BE_DELETE[@]}; do
openstack image delete ${img}
done
- |
for img in ${COMPUTE_IMAGE_TO_BE_DELETE[@]}; do
openstack image delete ${img}
done
- |
for img in ${GPU_IMAGE_TO_BE_DELETE[@]}; do
rules:
- if: $CI_PIPELINE_SOURCE == "schedule"
when: always
cleanup_mr:
stage: cleanup
tags:
- build
script:
- OS_PROJECT_ID=$(openstack application credential show $OS_APPLICATION_CREDENTIAL_ID -f value -c project_id)
IMAGE_TO_BE_DELETE=($(openstack image list --sort-column Name --sort-descending -f value -c Name -c ID --property owner=$OS_PROJECT_ID
| awk -v REGEX="(ood|base|compute|gpu)-PR-$CI_MERGE_REQUEST_IID" '{if ($0 ~ REGEX) print $1}'))
- |
for img in ${IMAGE_TO_BE_DELETE[@]}; do
openstack image delete ${img}
done
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
when: always