diff --git a/Jenkinsfile b/Jenkinsfile index 664acbd..179b23a 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -1,130 +1,88 @@ -#!groovy -// pipeline file for building appliances - -echo "My Branch is: ${env.BRANCH_NAME}" - -BRANCH_TEST = "${env.BRANCH_NAME}" - -if (BRANCH_TEST=="shibboleth-production"){ - node('packer') { - currentBuild.result = "SUCCESS" - - try { - stage 'Cleanup & Setup' - sh 'rm -rf output-shibboleth-*' - sh 'rm -rf "/Users/levvel/VirtualBox VMs/shibboleth-appliance-*"' - sh 'rm -rf builds' - sh 'mkdir -p builds' - - withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-config', variable: 'FILE']]) { - ws { - sh 'mkdir -p ~/.aws' - sh 'cp $FILE ~/.aws/config' - } - } - - withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-credentials', variable: 'FILE']]) { - ws { - sh 'mkdir -p ~/.aws' - sh 'cp $FILE ~/.aws/credentials' - } - } - - stage 'Checkout' - - checkout scm - - stage 'Acquire ansible-playbooks' - - sh 'mkdir -p ansible-playbooks' - dir('ansible-playbooks'){ - git([ url: "https://github.internet2.edu/docker/ansible-playbooks.git", - branch: "shibboleth-production", credentialsId: "jenkins-github-access-token" ]) - } - - stage 'Validate' - - sh '/usr/local/bin/packer validate shibboleth-appliance.json' - - stage 'Build Appliance - Shibboleth' - - sh '/usr/local/bin/packer build shibboleth-appliance.json' - - stage 'Sync appliances to S3 bucket' - - sh 'aws s3 sync builds s3://internet2-tier-appliance-us-west-1' - - slackSend color: 'good', message: "BUILD SUCCESS: Shibboleth Appliance build success. 
${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>)" +node('packer') { + currentBuild.result = "SUCCESS" + + stage 'Appliance build' + echo "My Branch is: ${env.BRANCH_NAME}" + + BRANCH_TEST = "${env.BRANCH_NAME}" + + if (BRANCH_TEST=="shibboleth-production"){ + performBuild("shibboleth") + } else if (BRANCH_TEST=="grouper-production"){ + performBuild("grouper") + } else if (BRANCH_TEST=="comanage-production"){ + performBuild("comanage") + } + +} +def performBuild(String project){ + try { + stage 'Cleanup & Setup' + sh "rm -rf output-${project}-*" + sh "rm -rf \"/Users/levvel/VirtualBox VMs/${project}-appliance-*\"" + sh 'rm -rf builds' + sh 'mkdir -p builds' + + withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-config', variable: 'FILE']]) { + ws { + sh 'mkdir -p ~/.aws' + sh 'cp $FILE ~/.aws/config' + } } - catch (err) { - currentBuild.result = "FAILURE" - - slackSend color: 'danger', message: "BUILD ERROR: There was a problem with Shibboleth Appliance. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>) \n\n ${err}" - - throw err + withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-credentials', variable: 'FILE']]) { + ws { + sh 'mkdir -p ~/.aws' + sh 'cp $FILE ~/.aws/credentials' + } } - } -} else if (BRANCH_TEST=="comanage-production"){ - node('packer') { - currentBuild.result = "SUCCESS" - - try { - stage 'Cleanup & Setup ' - sh 'rm -rf output-comanage-*' - sh 'rm -rf "/Users/levvel/VirtualBox VMs/comange-appliance-*"' - sh 'rm -rf builds' - sh 'mkdir -p builds' - - withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-config', variable: 'FILE']]) { - ws { - sh 'mkdir -p ~/.aws' - sh 'cp $FILE ~/.aws/config' - } - } - - withCredentials([[$class: 'FileBinding', credentialsId: 'tier-aws-credentials', variable: 'FILE']]) { - ws { - sh 'mkdir -p ~/.aws' - sh 'cp $FILE ~/.aws/credentials' - } - } - stage 'Checkout' + stage 'Checkout' - checkout scm + checkout scm - stage 'Acquire ansible-playbooks' + 
stage 'Acquire ansible-playbooks' - sh 'mkdir -p ansible-playbooks' - dir('ansible-playbooks'){ - git([ url: "https://github.internet2.edu/docker/ansible-playbooks.git", - branch: "comanage-production", credentialsId: "jenkins-github-access-token" ]) - } - - stage 'Validate' - - sh '/usr/local/bin/packer validate comange-appliance.json' + sh 'mkdir -p ansible-playbooks' + dir('ansible-playbooks'){ + git([ url: "https://github.internet2.edu/docker/ansible-playbooks.git", + branch: "{{project}}-production", credentialsId: "jenkins-github-access-token" ]) + } - stage 'Build Appliance - Comanage' + stage 'Validate' - sh '/usr/local/bin/packer build comanage-appliance.json' + sh "/usr/local/bin/packer validate {{project}}-appliance.json" - stage 'Sync appliances to S3 bucket' + stage 'Build Appliance' - sh 'aws s3 sync builds s3://internet2-tier-appliance-us-west-1' + sh "/usr/local/bin/packer build {{project}}-appliance.json" - slackSend color: 'good', message: "BUILD SUCCESS: Comanage Appliance build success. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>)" + stage 'Sync appliances to S3 bucket' - } + sh "aws s3 sync builds s3://internet2-tier-appliance-us-west-1" + + stage 'Publish results' + + sh "bin/perms.sh > results.txt" - catch (err) { - currentBuild.result = "FAILURE" + slackSend color: 'good', message: "BUILD SUCCESS: Shibboleth Appliance build success. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>)" + + slackSend color: 'good', message: readFile('./results.txt') + + sh "rm results.txt" - slackSend color: 'danger', message: "BUILD ERROR: There was a problem with Comanage Appliance. ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>) \n\n ${err}" + } - throw err - } + catch (err) { + handleError("BUILD ERROR: There was a problem with ${project} Appliance. 
${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL} |Open>) \n\n ${err}") } } + +def handleError(String message){ + echo "${message}" + currentBuild.setResult("FAILED") + slackSend color: 'danger', message: "${message}" + //step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'chris.bynum@levvel.io', sendToIndividuals: true]) + sh 'exit 1' +} \ No newline at end of file diff --git a/bin/perms.sh b/bin/perms.sh new file mode 100755 index 0000000..ff580aa --- /dev/null +++ b/bin/perms.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +aws_acct_id="823003027569" +bucket="internet2-tier-appliance-us-west-1" +vagrant_key=$(aws s3api list-objects-v2 --bucket $bucket --query 'reverse(sort_by(Contents[?contains(Key, `vagrant`)], &LastModified))[0].[Key]' --output text | tr -d '\n' ) +ova_key=$(aws s3api list-objects-v2 --bucket $bucket --query 'reverse(sort_by(Contents[?contains(Key, `ova`)], &LastModified))[0].[Key]' --output text | tr -d '\n' ) + +echo "Found $vagrant_key" +aws s3api put-object-acl --bucket $bucket --key $vagrant_key --acl public-read + +echo "(https://s3-us-west-1.amazonaws.com/$bucket/$vagrant_key)" + +echo $(md5 builds/$vagrant_key) + +echo "Found $ova_key" +aws s3api put-object-acl --bucket $bucket --key $ova_key --acl public-read + +echo "(https://s3-us-west-1.amazonaws.com/$bucket/$ova_key)" + +echo $(md5 builds/$ova_key) + +ami_id=$(aws ec2 describe-images --owners $aws_acct_id --query 'reverse(sort_by(Images[?starts_with(Name, `import-ami`)], &CreationDate))[0].[ImageId]' --output text | tr -d '\n' ) +echo "Publishing $ami_id to $aws_acct_id" + +aws ec2 modify-image-attribute --image-id $ami_id --launch-permission "{\"Add\":[{\"UserId\":\"$aws_acct_id\"}]}" + diff --git a/grouper-appliance.json b/grouper-appliance.json new file mode 100644 index 0000000..bd84099 --- /dev/null +++ b/grouper-appliance.json 
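Review bot: In `performBuild`, the ansible-playbooks checkout and both packer commands use `{{project}}`, which Groovy does not interpolate, so git is asked for a branch literally named `{{project}}-production` and packer for `{{project}}-appliance.json`. Use the GString form the cleanup step already uses: `branch: "${project}-production"`, `sh "/usr/local/bin/packer validate ${project}-appliance.json"` and `sh "/usr/local/bin/packer build ${project}-appliance.json"`. The success `slackSend` still says "Shibboleth Appliance" for every project and should use `${project}`, as the error message does. Separately, the two `withCredentials` blocks copy the AWS config and credentials to `~/.aws` on the agent and nothing in the file removes them, so the secret outlives the build; removing them in a `finally` block would limit that exposure.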
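Review bot: The script grants `public-read` to whichever object in the bucket is newest and has `vagrant` or `ova` anywhere in its key, not to the artefact this build produced, and nothing stops it when a lookup fails. With `--output text` an empty query result is printed as `None`, so `put-object-acl` and `md5` would then run against a key named `None`; the expansions are also unquoted, so a key containing spaces splits into several arguments. I would add `set -euo pipefail` at the top, quote the expansions (`--key "$vagrant_key"`), and take the keys from the files present in `builds/` after this run rather than from a substring match. Since the digest is published next to a public download link, SHA-256 (`shasum -a 256`) is a better fit than MD5. The final `modify-image-attribute` adds launch permission for `$aws_acct_id`, the same account passed to `--owners` in the lookup, so it appears to share the AMI with its own owner; the intended target account is worth confirming.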
@@ -0,0 +1,84 @@ +{ + "min_packer_version": "0.8.6", + "description": "Grouper appliance ", + "variables": { + "profile": "xfs", + "disk_size": "8192", + "memory": "2048", + "cpus": "1", + "guest_os_type": "RedHat_64", + "ssh_username": "centos", + "ssh_password": "centos", + "region": "us-west-1", + "timestamper": "{{timestamp}}", + "outputfile_name": "grouper-appliance-centos7" + }, + "provisioners": [ + { + "type": "shell", + "execute_command": "echo 'centos' | {{.Vars}} sudo -S -E bash '{{.Path}}'", + "script": "scripts/ansible.sh" + }, + { + "type": "ansible-local", + "playbook_dir": "ansible-playbooks", + "playbook_file": "ansible-playbooks/grouper-appliance-vbox.yml" + }, + { + "type": "shell", + "execute_command": "echo 'centos' | {{.Vars}} sudo -S -E bash '{{.Path}}'", + "script": "scripts/cleanup.sh" + } + ], + "builders": [ + { + "type": "virtualbox-iso", + "name": "grouper-appliance-centos7", + "vm_name": "grouper-appliance-centos7-{{user `profile`}}", + "headless": true, + "guest_os_type": "RedHat_64", + "disk_size": "{{user `disk_size`}}", + "vboxmanage": [ + ["modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}"], + ["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"], + ["modifyvm", "{{.Name}}", "--ostype", "{{user `guest_os_type`}}"] + ], + "iso_url": "http://mirror.vcu.edu/pub/gnu+linux/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1511.iso", + "iso_checksum": "f90e4d28fa377669b2db16cbcb451fcb9a89d2460e3645993e30e137ac37d284", + "iso_checksum_type": "sha256", + "http_directory": "http", + "boot_command": [" text ks=http://{{.HTTPIP}}:{{.HTTPPort}}/ks-{{user `profile`}}.cfg"], + "boot_wait": "10s", + "ssh_username": "{{user `ssh_username`}}", + "ssh_password": "{{user `ssh_password`}}", + "ssh_port": 22, + "ssh_wait_timeout": "10000s", + "guest_additions_mode": "disable", + "shutdown_command": "sudo -S shutdown -P now", + "output_directory": "output-grouper-{{user `profile`}}", + "format": "ova" + } + ], + "post-processors": [ + { + "type": 
"compress", + "compression_level": "9", + "output": "builds/{{user `outputfile_name`}}-ova-{{user `timestamper`}}.tar" + }, + { + "type": "vagrant", + "compression_level": "9", + "output": "builds/{{user `outputfile_name`}}-vagrant-{{user `timestamper`}}.tar" + }, + { + "type": "amazon-import", + "access_key": "{{user `aws_access_key`}}", + "secret_key": "{{user `aws_secret_key`}}", + "region": "{{user `region`}}", + "s3_bucket_name": "internet2-tier-ami-import-us-west-1", + "tags": { + "Description": "packer amazon-import-grouper-appliance {{user `timestamper`}}" + } + } + ] +} diff --git a/shibboleth-appliance-aws.json b/shibboleth-appliance-aws.json new file mode 100644 index 0000000..8851f07 --- /dev/null +++ b/shibboleth-appliance-aws.json @@ -0,0 +1,29 @@ +{ + "min_packer_version": "0.8.6", + "description": "Shibboleth appliance ", + "variables": { + "region": "us-west-1", + "timestamper": "{{timestamp}}" + }, + "provisioners": [ + { + "type": "ansible", + "playbook_file": "ansible-playbooks/shibboleth-appliance-vbox.yml", + "sftp_command": "/usr/libexec/sftp-server -e", + "ansible_env_vars": [ "ANSIBLE_HOST_KEY_CHECKING=False" ], + "user": "centos" + } + ], + "builders": [ + { + "type": "amazon-ebs", + "access_key": "AKIAJGTQSCEQTDCIUU6A", + "secret_key": "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", + "region": "us-west-1", + "source_ami": "ami-af4333cf", + "instance_type": "t2.large", + "ssh_username": "centos", + "ami_name": "shibboleth-idp {{timestamp}}" + } + ] +} diff --git a/shibboleth-appliance.json b/shibboleth-appliance.json index b937963..13777c1 100644 --- a/shibboleth-appliance.json +++ b/shibboleth-appliance.json @@ -4,8 +4,9 @@ "variables": { "profile": "xfs", "disk_size": "8192", - "memory": "6122", - "cpus": "2", + "memory": "2048", + "cpus": "1", + "guest_os_type": "RedHat_64", "ssh_username": "centos", "ssh_password": "centos", "region": "us-west-1", 
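Review bot: The template builds the image with account `centos` and password `centos` (the `ssh_password` variable, also piped to `sudo -S` in both shell provisioners), and the resulting OVA, Vagrant box and imported AMI are artefacts meant for distribution. Unless `scripts/cleanup.sh` or the kickstart file, neither of which is in this diff, locks or removes that password, every deployed appliance starts with a known sudo-capable login; the cleanup step should disable password login for the build account or force a change at first boot. The `amazon-import` post-processor also reads `aws_access_key` and `aws_secret_key`, which are not declared in this file's `variables` block. Either declare them (empty, so that Packer can fall back to the shared credentials file the pipeline installs) or drop the two keys from the post-processor.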
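Review bot: The `amazon-ebs` builder in this new file carries a literal AWS `access_key` and `secret_key`, so a long-lived credential is now part of the repository history. The key pair should be treated as exposed: deactivate and rotate it, and review the account's activity logs for any use of it since the commit. In the template, delete both lines so Packer uses the credentials the pipeline already installs under `~/.aws`, or reference user variables supplied at build time. `ANSIBLE_HOST_KEY_CHECKING=False` in the `ansible` provisioner also turns off host-key verification for the provisioning connection; that may be acceptable for a throwaway build instance, but it deserves a note in the commit message or the README, since JSON has no comment syntax.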
@@ -39,7 +40,8 @@ "disk_size": "{{user `disk_size`}}", "vboxmanage": [ ["modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}"], - ["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"] + ["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"], + ["modifyvm", "{{.Name}}", "--ostype", "{{user `guest_os_type`}}"] ], "iso_url": "http://mirror.vcu.edu/pub/gnu+linux/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1511.iso", "iso_checksum": "f90e4d28fa377669b2db16cbcb451fcb9a89d2460e3645993e30e137ac37d284",