Merge branch 'grouper-refactor' into grouper-production

docker · Sep 6, 2016 · 4ff5742260c299f4948d19d917f15ad53acb5773 · 4ff5742
2 parents b716982 + ff47790
commit 4ff5742260c299f4948d19d917f15ad53acb5773
Unified Split

Showing with 135 additions and 118 deletions.

+69 −111 Jenkinsfile

+26 −0 bin/perms.sh

+6 −4 grouper-appliance.json

+29 −0 shibboleth-appliance-aws.json

+5 −3 shibboleth-appliance.json
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -1,131 +1,81 @@
-#!groovy
-// pipeline file for building appliances
-
-echo "My Branch is: ${env.BRANCH_NAME}"
-
-BRANCH_TEST = "${env.BRANCH_NAME}"
-
-if (BRANCH_TEST=="shibboleth-production"){
-  node('packer') {
-    currentBuild.result = "SUCCESS"
-
-    try {
-      stage 'Cleanup & Setup'
-        sh 'rm -rf output-shibboleth-*'
-        sh 'rm -rf "/Users/levvel/VirtualBox VMs/shibboleth-appliance-*"'
-        sh 'rm -rf builds'
-        sh 'mkdir -p builds'
-
-        withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-config', variable: 'FILE']]) {
-          ws {
-            sh 'mkdir -p ~/.aws'
-            sh 'cp $FILE ~/.aws/config'
-          }
-        }
-
-        withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-credentials', variable: 'FILE']]) {
-          ws {
-            sh 'mkdir -p ~/.aws'
-            sh 'cp $FILE ~/.aws/credentials'
-          }
-        }
-
-      stage 'Checkout'
-
-        checkout scm
-
-      stage 'Acquire ansible-playbooks'
-
-        sh 'mkdir -p ansible-playbooks'
-        dir('ansible-playbooks'){
-          git([ url: "https://github.internet2.edu/docker/ansible-playbooks.git",
-              branch: "shibboleth-production", credentialsId: "jenkins-github-access-token" ])
-        }
-
-      stage 'Validate'
-
-        sh '/usr/local/bin/packer validate shibboleth-appliance.json'
-
-      stage 'Build Appliance - Shibboleth'
-
-        sh '/usr/local/bin/packer build shibboleth-appliance.json'
-
-      stage 'Sync appliances to S3 bucket'
-
-         sh 'aws s3 sync builds s3://internet2-tier-appliance-us-west-1'
-
-      slackSend color: 'good', message: "BUILD SUCCESS: Shibboleth Appliance build success. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>)"
+node('packer') {
+  currentBuild.result = "SUCCESS"
+
+  stage 'Appliance build'
+  echo "My Branch is: ${env.BRANCH_NAME}"
+
+  BRANCH_TEST = "${env.BRANCH_NAME}"
+
+  if (BRANCH_TEST=="shibboleth-production"){
+    performBuild("shibboleth")
+  } else if (BRANCH_TEST=="grouper-production"){
+    performBuild("grouper")
+  } else if (BRANCH_TEST=="comanage-production"){
+    performBuild("comanage")
+  } 
+
+}
 
+def performBuild(String project){
+  try {
+    stage 'Cleanup & Setup'
+    sh "rm -rf output-${project}-*"
+    sh "rm -rf \"/Users/levvel/VirtualBox VMs/${project}-appliance-*\""
+    sh 'rm -rf builds'
+    sh 'mkdir -p builds'
+
+    withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-config', variable: 'FILE']]) {
+      ws {
+        sh 'mkdir -p ~/.aws'
+        sh 'cp $FILE ~/.aws/config'
+      }
     }
 
-    catch (err) {
-      currentBuild.result = "FAILURE"
-
-      slackSend color: 'danger', message: "BUILD ERROR: There was a problem with Shibboleth Appliance. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>) \n\n ${err}"
-
-      throw err
+    withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-credentials', variable: 'FILE']]) {
+      ws {
+        sh 'mkdir -p ~/.aws'
+        sh 'cp $FILE ~/.aws/credentials'
+      }
     }
-  }
-} else if (BRANCH_TEST=="comanage-production"){
-  node('packer') {
-    currentBuild.result = "SUCCESS"
 
-    try {
-      stage 'Cleanup & Setup '
-        sh 'rm -rf output-comanage-*'
-        sh 'rm -rf "/Users/levvel/VirtualBox VMs/comange-appliance-*"'
-        sh 'rm  -rf builds'
-        sh 'mkdir -p builds'
-
-        withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-config', variable: 'FILE']]) {
-          ws {
-            sh 'mkdir -p ~/.aws'
-            sh 'cp $FILE ~/.aws/config'
-          }
-        }
+    stage 'Checkout'
 
-        withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-credentials', variable: 'FILE']]) {
-          ws {
-            sh 'mkdir -p ~/.aws'
-            sh 'cp $FILE ~/.aws/credentials'
-          }
-        }
+    checkout scm
 
-      stage 'Checkout'
+    stage 'Acquire ansible-playbooks'
 
-        checkout scm
-
-      stage 'Acquire ansible-playbooks'
-
-        sh 'mkdir -p ansible-playbooks'
-        dir('ansible-playbooks'){
-          git([ url: "https://github.internet2.edu/docker/ansible-playbooks.git",
-              branch: "comanage-production", credentialsId: "jenkins-github-access-token" ])
-        }
+    sh 'mkdir -p ansible-playbooks'
+    dir('ansible-playbooks'){
+      git([ url: "https://github.internet2.edu/docker/ansible-playbooks.git",
+      branch: "{{project}}-production", credentialsId: "jenkins-github-access-token" ])
+    }
 
-      stage 'Validate'
+    stage 'Validate'
 
-        sh '/usr/local/bin/packer validate comange-appliance.json'
+    sh "/usr/local/bin/packer validate {{project}}-appliance.json"
 
-      stage 'Build Appliance - Comanage'
+    stage 'Build Appliance'
 
-        sh '/usr/local/bin/packer build comanage-appliance.json'
+    sh "/usr/local/bin/packer build {{project}}-appliance.json"
 
-      stage 'Sync appliances to S3 bucket'
+    stage 'Sync appliances to S3 bucket'
 
-         sh 'aws s3 sync builds s3://internet2-tier-appliance-us-west-1'
+    sh "aws s3 sync builds s3://internet2-tier-appliance-us-west-1"
+
+    stage 'Publish results'
+
+    sh "bin/perms.sh > results.txt"
 
-      slackSend color: 'good', message: "BUILD SUCCESS: Comanage Appliance build success. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>)"
+    slackSend color: 'good', message: "BUILD SUCCESS: Shibboleth Appliance build success. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>)"
+
+    slackSend color: 'good', message: readFile('./results.txt')
+
+    sh "rm results.txt"
 
-    }
-
-    catch (err) {
-      currentBuild.result = "FAILURE"
-
-      slackSend color: 'danger', message: "BUILD ERROR: There was a problem with Comanage Appliance. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>) \n\n ${err}"
+  }
 
-      throw err
-    }
+  catch (err) {
+    handleError("BUILD ERROR: There was a problem with ${project} Appliance. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>) \n\n ${err}")
   }
 } else if (BRANCH_TEST=="grouper-production") {
   node('packer') {
@@ -189,3 +139,11 @@ if (BRANCH_TEST=="shibboleth-production"){
     }
   }
 }
+
+def handleError(String message){
+  echo "${message}"
+  currentBuild.setResult("FAILED")
+  slackSend color: 'danger', message: "${message}"
+  //step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'chris.bynum@levvel.io', sendToIndividuals: true])
+  sh 'exit 1'
+}
diff --git a/bin/perms.sh b/bin/perms.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+aws_acct_id="823003027569"
+bucket="internet2-tier-appliance-us-west-1"
+vagrant_key=$(aws s3api list-objects-v2 --bucket $bucket --query 'reverse(sort_by(Contents[?contains(Key, `vagrant`)], &LastModified))[0].[Key]' --output text | tr -d '\n' )
+ova_key=$(aws s3api list-objects-v2 --bucket $bucket --query 'reverse(sort_by(Contents[?contains(Key, `ova`)], &LastModified))[0].[Key]' --output text | tr -d '\n' )
+
+echo "Found $vagrant_key"
+aws s3api put-object-acl --bucket $bucket --key $vagrant_key  --acl public-read
+
+echo "(https://s3-us-west-1.amazonaws.com/$bucket/$vagrant_key)"
+
+echo $(md5 builds/$vagrant_key)
+
+echo "Found $ova_key"
+aws s3api put-object-acl --bucket $bucket --key $ova_key  --acl public-read
+
+echo "(https://s3-us-west-1.amazonaws.com/$bucket/$ova_key)"
+
+echo $(md5 builds/$ova_key)
+
+ami_id=$(aws ec2 describe-images --owners $aws_acct_id --query 'reverse(sort_by(Images[?starts_with(Name, `import-ami`)], &CreationDate))[0].[ImageId]' --output text | tr -d '\n' )
+echo "Publishing $ami_id to $aws_acct_id"
+
+aws ec2 modify-image-attribute --image-id $ami_id --launch-permission "{\"Add\":[{\"UserId\":\"$aws_acct_id\"}]}"
+
diff --git a/grouper-appliance.json b/grouper-appliance.json
@@ -4,8 +4,9 @@
   "variables": {
       "profile": "xfs",
       "disk_size": "8192",
-      "memory": "6122",
-      "cpus": "2",
+      "memory": "2048",
+      "cpus": "1",
+      "guest_os_type": "RedHat_64",
       "ssh_username": "centos",
       "ssh_password": "centos",
       "region": "us-west-1",
@@ -39,7 +40,8 @@
         "disk_size": "{{user `disk_size`}}",
         "vboxmanage": [
             ["modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}"],
-            ["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"]
+            ["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"],
+            ["modifyvm", "{{.Name}}", "--ostype", "{{user `guest_os_type`}}"]
         ],
         "iso_url": "http://mirror.vcu.edu/pub/gnu+linux/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1511.iso",
         "iso_checksum": "f90e4d28fa377669b2db16cbcb451fcb9a89d2460e3645993e30e137ac37d284",
@@ -73,7 +75,7 @@
       "access_key": "{{user `aws_access_key`}}",
       "secret_key": "{{user `aws_secret_key`}}",
       "region": "{{user `region`}}",
-      "s3_bucket_name": "internet2-ami-import-us-west-1",
+      "s3_bucket_name": "internet2-tier-ami-import-us-west-1",
       "tags": {
         "Description": "packer amazon-import-grouper-appliance {{user `timestamper`}}"
       }

diff --git a/shibboleth-appliance-aws.json b/shibboleth-appliance-aws.json
@@ -0,0 +1,29 @@
+{
+  "min_packer_version": "0.8.6",
+  "description": "Shibboleth appliance ",
+  "variables": {
+      "region": "us-west-1",
+      "timestamper": "{{timestamp}}"
+  },
+  "provisioners": [
+    {
+      "type": "ansible",
+      "playbook_file": "ansible-playbooks/shibboleth-appliance-vbox.yml",
+      "sftp_command": "/usr/libexec/sftp-server -e",
+      "ansible_env_vars": [ "ANSIBLE_HOST_KEY_CHECKING=False" ],
+      "user": "centos"
+    }
+  ],
+  "builders": [
+    {
+      "type": "amazon-ebs",
+      "access_key": "AKIAJGTQSCEQTDCIUU6A",
+      "secret_key": "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",
+      "region": "us-west-1",
+      "source_ami": "ami-af4333cf",
+      "instance_type": "t2.large",
+      "ssh_username": "centos",
+      "ami_name": "shibboleth-idp {{timestamp}}"
+    }
+  ]
+}
diff --git a/shibboleth-appliance.json b/shibboleth-appliance.json
@@ -4,8 +4,9 @@
   "variables": {
       "profile": "xfs",
       "disk_size": "8192",
-      "memory": "6122",
-      "cpus": "2",
+      "memory": "2048",
+      "cpus": "1",
+      "guest_os_type": "RedHat_64",
       "ssh_username": "centos",
       "ssh_password": "centos",
       "region": "us-west-1",
@@ -39,7 +40,8 @@
         "disk_size": "{{user `disk_size`}}",
         "vboxmanage": [
             ["modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}"],
-            ["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"]
+            ["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"],
+            ["modifyvm", "{{.Name}}", "--ostype", "{{user `guest_os_type`}}"]
         ],
         "iso_url": "http://mirror.vcu.edu/pub/gnu+linux/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1511.iso",
         "iso_checksum": "f90e4d28fa377669b2db16cbcb451fcb9a89d2460e3645993e30e137ac37d284",