Merge branch 'master' into shibboleth-production

Jenkinsfile

@@ -1,130 +1,88 @@
-#!groovy
-// pipeline file for building appliances
+node('packer') {
+  currentBuild.result = "SUCCESS"
 
-echo "My Branch is: ${env.BRANCH_NAME}"
+  stage 'Checkout'
 
-BRANCH_TEST = "${env.BRANCH_NAME}"
+  checkout scm
 
-if (BRANCH_TEST=="shibboleth-production"){
-  node('packer') {
-    currentBuild.result = "SUCCESS"
+  stage 'Appliance build'
+  echo "My Branch is: ${env.BRANCH_NAME}"
 
-    try {
-      stage 'Cleanup & Setup'
-        sh 'rm -rf output-shibboleth-*'
-        sh 'rm -rf "/Users/levvel/VirtualBox VMs/shibboleth-appliance-*"'
-        sh 'rm -rf builds'
-        sh 'mkdir -p builds'
+  BRANCH_TEST = "${env.BRANCH_NAME}"
 
-        withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-config', variable: 'FILE']]) {
-          ws {
-            sh 'mkdir -p ~/.aws'
-            sh 'cp $FILE ~/.aws/config'
-          }
-        }
-
-        withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-credentials', variable: 'FILE']]) {
-          ws {
-            sh 'mkdir -p ~/.aws'
-            sh 'cp $FILE ~/.aws/credentials'
-          }
-        }
-
-      stage 'Checkout'
-
-        checkout scm
-
-      stage 'Acquire ansible-playbooks'
-
-        sh 'mkdir -p ansible-playbooks'
-        dir('ansible-playbooks'){
-          git([ url: "https://github.internet2.edu/docker/ansible-playbooks.git",
-              branch: "shibboleth-production", credentialsId: "jenkins-github-access-token" ])
-        }
-
-      stage 'Validate'
-
-        sh '/usr/local/bin/packer validate shibboleth-appliance.json'
-
-      stage 'Build Appliance - Shibboleth'
-
-        sh '/usr/local/bin/packer build shibboleth-appliance.json'
-
-      stage 'Sync appliances to S3 bucket'
-
-         sh 'aws s3 sync builds s3://internet2-tier-appliance-us-west-1'
+  if (BRANCH_TEST=="shibboleth-production"){
+    performBuild("shibboleth")
+  } else if (BRANCH_TEST=="grouper-production"){
+    performBuild("grouper")
+  } else if (BRANCH_TEST=="comanage-production"){
+    performBuild("comanage")
+  }
 
-      slackSend color: 'good', message: "BUILD SUCCESS: Shibboleth Appliance build success. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>)"
+}
 
+def performBuild(String project){
+  try {
+    stage 'Cleanup & Setup'
+    sh "rm -rf output-${project}-*"
+    sh "rm -rf \"/Users/levvel/VirtualBox VMs/${project}-appliance-*\""
+    sh 'rm -rf builds'
+    sh 'mkdir -p builds'
+
+    withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-config', variable: 'FILE']]) {
+      ws {
+        sh 'mkdir -p ~/.aws'
+        sh 'cp $FILE ~/.aws/config'
+      }
     }
 
-    catch (err) {
-      currentBuild.result = "FAILURE"
-
-      slackSend color: 'danger', message: "BUILD ERROR: There was a problem with Shibboleth Appliance. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>) \n\n ${err}"
-
-      throw err
+    withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-credentials', variable: 'FILE']]) {
+      ws {
+        sh 'mkdir -p ~/.aws'
+        sh 'cp $FILE ~/.aws/credentials'
+      }
     }
-  }
-} else if (BRANCH_TEST=="comanage-production"){
-  node('packer') {
-    currentBuild.result = "SUCCESS"
-
-    try {
-      stage 'Cleanup & Setup '
-        sh 'rm -rf output-comanage-*'
-        sh 'rm -rf "/Users/levvel/VirtualBox VMs/comange-appliance-*"'
-        sh 'rm  -rf builds'
-        sh 'mkdir -p builds'
-
-        withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-config', variable: 'FILE']]) {
-          ws {
-            sh 'mkdir -p ~/.aws'
-            sh 'cp $FILE ~/.aws/config'
-          }
-        }
-
-        withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-credentials', variable: 'FILE']]) {
-          ws {
-            sh 'mkdir -p ~/.aws'
-            sh 'cp $FILE ~/.aws/credentials'
-          }
-        }
 
-      stage 'Checkout'
+    stage 'Acquire ansible-playbooks'
 
-        checkout scm
+    sh 'mkdir -p ansible-playbooks'
+    dir('ansible-playbooks'){
+      git([ url: "https://github.internet2.edu/docker/ansible-playbooks.git",
+      branch: "${project}-production", credentialsId: "jenkins-github-access-token" ])
+    }
 
-      stage 'Acquire ansible-playbooks'
+    stage 'Validate'
 
-        sh 'mkdir -p ansible-playbooks'
-        dir('ansible-playbooks'){
-          git([ url: "https://github.internet2.edu/docker/ansible-playbooks.git",
-              branch: "comanage-production", credentialsId: "jenkins-github-access-token" ])
-        }
+    sh "/usr/local/bin/packer validate ${project}-appliance.json"
 
-      stage 'Validate'
+    stage 'Build Appliance'
 
-        sh '/usr/local/bin/packer validate comange-appliance.json'
+    sh "/usr/local/bin/packer build ${project}-appliance.json"
 
-      stage 'Build Appliance - Comanage'
+    stage 'Sync appliances to S3 bucket'
 
-        sh '/usr/local/bin/packer build comanage-appliance.json'
+    sh "aws s3 sync builds s3://internet2-tier-appliance-us-west-1"
 
-      stage 'Sync appliances to S3 bucket'
+    stage 'Publish results'
 
-         sh 'aws s3 sync builds s3://internet2-tier-appliance-us-west-1'
+    sh "bin/perms.sh > results.txt"
 
-      slackSend color: 'good', message: "BUILD SUCCESS: Comanage Appliance build success. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>)"
+    slackSend color: 'good', message: "BUILD SUCCESS: Appliance build success. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>)"
 
-    }
+    slackSend color: 'good', message: readFile('./results.txt')
 
-    catch (err) {
-      currentBuild.result = "FAILURE"
+    sh "rm results.txt"
 
-      slackSend color: 'danger', message: "BUILD ERROR: There was a problem with Comanage Appliance. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>) \n\n ${err}"
+  }
 
-      throw err
-    }
+  catch (err) {
+    handleError("BUILD ERROR: There was a problem with ${project} Appliance. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>) \n\n ${err}")
   }
 }
+
+def handleError(String message){
+  echo "${message}"
+  currentBuild.setResult("FAILED")
+  slackSend color: 'danger', message: "${message}"
+  //step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'chris.bynum@levvel.io', sendToIndividuals: true])
+  sh 'exit 1'
+}

bin/perms.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+aws_acct_id="823003027569"
+bucket="internet2-tier-appliance-us-west-1"
+vagrant_key=$(aws s3api list-objects --bucket $bucket --query 'reverse(sort_by(Contents[?contains(Key, `vagrant`)], &LastModified))[0].[Key]' --output text | tr -d '\n' )
+ova_key=$(aws s3api list-objects --bucket $bucket --query 'reverse(sort_by(Contents[?contains(Key, `ova`)], &LastModified))[0].[Key]' --output text | tr -d '\n' )
+
+echo "Found $vagrant_key"
+aws s3api put-object-acl --bucket $bucket --key $vagrant_key  --acl public-read
+
+echo "(https://s3-us-west-1.amazonaws.com/$bucket/$vagrant_key)"
+
+echo $(md5 builds/$vagrant_key)
+
+echo "Found $ova_key"
+aws s3api put-object-acl --bucket $bucket --key $ova_key  --acl public-read
+
+echo "(https://s3-us-west-1.amazonaws.com/$bucket/$ova_key)"
+
+echo $(md5 builds/$ova_key)
+
+ami_id=$(aws ec2 describe-images --owners $aws_acct_id --query 'reverse(sort_by(Images[?starts_with(Name, `import-ami`)], &CreationDate))[0].[ImageId]' --output text | tr -d '\n' )
+echo "Publishing $ami_id to $aws_acct_id"
+
+aws ec2 modify-image-attribute --image-id $ami_id --launch-permission "{\"Add\":[{\"UserId\":\"$aws_acct_id\"}]}"
+

grouper-appliance.json

@@ -0,0 +1,84 @@
+{
+  "min_packer_version": "0.8.6",
+  "description": "Grouper appliance ",
+  "variables": {
+      "profile": "xfs",
+      "disk_size": "8192",
+      "memory": "2048",
+      "cpus": "1",
+      "guest_os_type": "RedHat_64",
+      "ssh_username": "centos",
+      "ssh_password": "centos",
+      "region": "us-west-1",
+      "timestamper": "{{timestamp}}",
+      "outputfile_name": "grouper-appliance-centos7"
+  },
+  "provisioners": [
+    {
+      "type": "shell",
+      "execute_command": "echo 'centos' | {{.Vars}} sudo -S -E bash '{{.Path}}'",
+      "script": "scripts/ansible.sh"
+    },
+    {
+      "type": "ansible-local",
+      "playbook_dir": "ansible-playbooks",
+      "playbook_file": "ansible-playbooks/grouper-appliance-vbox.yml"
+    },
+    {
+      "type": "shell",
+      "execute_command": "echo 'centos' | {{.Vars}} sudo -S -E bash '{{.Path}}'",
+      "script": "scripts/cleanup.sh"
+    }
+  ],
+  "builders": [
+    {
+        "type": "virtualbox-iso",
+        "name": "grouper-appliance-centos7",
+        "vm_name": "grouper-appliance-centos7-{{user `profile`}}",
+        "headless": true,
+        "guest_os_type": "RedHat_64",
+        "disk_size": "{{user `disk_size`}}",
+        "vboxmanage": [
+            ["modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}"],
+            ["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"],
+            ["modifyvm", "{{.Name}}", "--ostype", "{{user `guest_os_type`}}"]
+        ],
+        "iso_url": "http://mirror.vcu.edu/pub/gnu+linux/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1511.iso",
+        "iso_checksum": "f90e4d28fa377669b2db16cbcb451fcb9a89d2460e3645993e30e137ac37d284",
+        "iso_checksum_type": "sha256",
+        "http_directory": "http",
+        "boot_command": ["<tab> text ks=http://{{.HTTPIP}}:{{.HTTPPort}}/ks-{{user `profile`}}.cfg<enter><wait>"],
+        "boot_wait": "10s",
+        "ssh_username": "{{user `ssh_username`}}",
+        "ssh_password": "{{user `ssh_password`}}",
+        "ssh_port": 22,
+        "ssh_wait_timeout": "10000s",
+        "guest_additions_mode": "disable",
+        "shutdown_command": "sudo -S shutdown -P now",
+        "output_directory": "output-grouper-{{user `profile`}}",
+        "format": "ova"
+    }
+  ],
+  "post-processors": [
+    {
+      "type": "compress",
+      "compression_level": "9",
+      "output": "builds/{{user `outputfile_name`}}-ova-{{user `timestamper`}}.tar"
+    },
+    {
+      "type": "vagrant",
+      "compression_level": "9",
+      "output": "builds/{{user `outputfile_name`}}-vagrant-{{user `timestamper`}}.tar"
+    },
+    {
+      "type": "amazon-import",
+      "access_key": "{{user `aws_access_key`}}",
+      "secret_key": "{{user `aws_secret_key`}}",
+      "region": "{{user `region`}}",
+      "s3_bucket_name": "internet2-tier-ami-import-us-west-1",
+      "tags": {
+        "Description": "packer amazon-import-grouper-appliance {{user `timestamper`}}"
+      }
+    }
+  ]
+}

shibboleth-appliance-aws.json

@@ -0,0 +1,29 @@
+{
+  "min_packer_version": "0.8.6",
+  "description": "Shibboleth appliance ",
+  "variables": {
+      "region": "us-west-1",
+      "timestamper": "{{timestamp}}"
+  },
+  "provisioners": [
+    {
+      "type": "ansible",
+      "playbook_file": "ansible-playbooks/shibboleth-appliance-vbox.yml",
+      "sftp_command": "/usr/libexec/sftp-server -e",
+      "ansible_env_vars": [ "ANSIBLE_HOST_KEY_CHECKING=False" ],
+      "user": "centos"
+    }
+  ],
+  "builders": [
+    {
+      "type": "amazon-ebs",
+      "access_key": "AKIAJGTQSCEQTDCIUU6A",
+      "secret_key": "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",
+      "region": "us-west-1",
+      "source_ami": "ami-af4333cf",
+      "instance_type": "t2.large",
+      "ssh_username": "centos",
+      "ami_name": "shibboleth-idp {{timestamp}}"
+    }
+  ]
+}

shibboleth-appliance.json

@@ -39,7 +39,8 @@
         "disk_size": "{{user `disk_size`}}",
         "vboxmanage": [
             ["modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}"],
-            ["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"]
+            ["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"],
+            ["modifyvm", "{{.Name}}", "--ostype", "{{user `guest_os_type`}}"]
         ],
         "iso_url": "http://mirror.vcu.edu/pub/gnu+linux/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1511.iso",
         "iso_checksum": "f90e4d28fa377669b2db16cbcb451fcb9a89d2460e3645993e30e137ac37d284",