Fix wsd ci #747

Closed
wants to merge 18 commits into from
5 changes: 5 additions & 0 deletions .github/workflows/ci.yml
Expand Up @@ -25,6 +25,11 @@ jobs:
run: nix-build -A env
- name: Install the environment
run: nix-env -f . -A env -i
- name: Install terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: "^1.3.7"
terraform_wrapper: false
- name: Check terraform init
run: |
cd terraform/environment
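Review bot: The new `Install terraform` step references `hashicorp/setup-terraform@v3`, a mutable tag, so whatever that tag points to at run time executes inside the job; pinning to a full commit SHA, e.g. `uses: hashicorp/setup-terraform@<full-commit-sha>  # v3` (placeholder, take the SHA from the release you have reviewed), keeps the step reproducible and reviewable. `terraform_version: "^1.3.7"` is also a range, so different runs may resolve to different 1.x releases; an exact value such as `terraform_version: "1.3.7"` keeps `terraform init` results comparable between runs. The identical step is added in `.github/workflows/offline.yml`, in a job that also handles `secrets.DOCKER_LOGIN` and goes on to deploy, so the pin matters more there.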
6 changes: 6 additions & 0 deletions .github/workflows/offline.yml
Expand Up @@ -57,6 +57,12 @@ jobs:
env:
DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'

- name: Install terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: "^1.3.7"
terraform_wrapper: false

- name: Deploy offline environment to hetzner
run: |
./offline/cd.sh
18 changes: 9 additions & 9 deletions ansible/seed-offline-containerd.yml
Expand Up @@ -32,12 +32,12 @@
####################################################################################################


- name: Download restund container
hosts: restund
tags: restund-containers
tasks:
- name: load restund container
shell: |
for container in $(curl -q {{ assethost_host }}/containers-other/index.txt);do
curl -q "{{ assethost_host }}/containers-other/$container" | ctr -n=k8s.io images import -
done
#- name: Download restund container
# hosts: restund
# tags: restund-containers
# tasks:
# - name: load restund container
# shell: |
# for container in $(curl -q {{ assethost_host }}/containers-other/index.txt);do
# curl -q "{{ assethost_host }}/containers-other/$container" | ctr -n=k8s.io images import -
# done
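Review bot: The `Download restund container` play is disabled by commenting it out, with nothing on the page saying why or when it should come back; `bin/offline-cluster.sh` does the same to both `restund.yml` invocations. If these files are also what operators run for a real offline install (not visible from this page), restund hosts end up without Docker, images or the restund service and nothing reports it. Either delete the play and give the reason in the commit message, or put a comment above it such as `# restund seeding disabled for CI only, see <issue-ref>; re-enable before release`. A CI-side `--skip-tags restund-containers` would avoid editing the shared playbook at all, since the play already carries that tag.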
4 changes: 2 additions & 2 deletions bin/offline-cluster.sh
Expand Up @@ -38,7 +38,7 @@ ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/setup-offline-sources.yml
ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/kubernetes.yml --tags bastion,bootstrap-os,preinstall,container-engine

# Install docker on the restund nodes
ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/restund.yml --tags docker
# ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/restund.yml --tags docker

# With ctr being installed on all nodes that need it, seed all container images:
ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/seed-offline-containerd.yml
Expand All @@ -53,7 +53,7 @@ ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/kubernetes.yml --skip-tags boot
ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/cassandra.yml
ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/elasticsearch.yml
ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/minio.yml
ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/restund.yml
# ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/restund.yml

# create helm values that tell our helm charts what the IP addresses of cassandra, elasticsearch and minio are:
ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/helm_external.yml --skip-tags=rabbitmq-external
21 changes: 14 additions & 7 deletions bin/offline-helm.sh
Expand Up @@ -11,25 +11,32 @@ helm upgrade --install --wait demo-smtp ./charts/demo-smtp --values ./values/dem
helm upgrade --install --wait rabbitmq ./charts/rabbitmq --values ./values/rabbitmq/prod-values.example.yaml --values ./values/rabbitmq/prod-secrets.example.yaml
helm upgrade --install --wait databases-ephemeral ./charts/databases-ephemeral --values ./values/databases-ephemeral/prod-values.example.yaml
helm upgrade --install --wait reaper ./charts/reaper
helm upgrade --install --wait --timeout=15m0s wire-server ./charts/wire-server --values ./values/wire-server/prod-values.example.yaml --values ./values/wire-server/secrets.yaml
helm upgrade --install --wait --timeout=30m0s wire-server ./charts/wire-server --values ./values/wire-server/prod-values.example.yaml --values ./values/wire-server/secrets.yaml

sleep 15m
kubectl get pods --all-namespaces -o wide
sleep 10m
kubectl get pods --all-namespaces -o wide

# if charts/webapp directory exists
if [ -d "./charts/webapp" ]; then
helm upgrade --install --wait --timeout=15m0s webapp ./charts/webapp --values ./values/webapp/prod-values.example.yaml
helm upgrade --install --wait webapp ./charts/webapp --values ./values/webapp/prod-values.example.yaml
fi

if [ -d "./charts/account-pages" ]; then
helm upgrade --install --wait --timeout=15m0s account-pages ./charts/account-pages --values ./values/account-pages/prod-values.example.yaml
helm upgrade --install --wait account-pages ./charts/account-pages --values ./values/account-pages/prod-values.example.yaml
fi

if [ -d "./charts/team-settings" ]; then
helm upgrade --install --wait --timeout=15m0s team-settings ./charts/team-settings --values ./values/team-settings/prod-values.example.yaml --values ./values/team-settings/prod-secrets.example.yaml
helm upgrade --install --wait team-settings ./charts/team-settings --values ./values/team-settings/prod-values.example.yaml --values ./values/team-settings/prod-secrets.example.yaml
fi

helm upgrade --install --wait --timeout=15m0s smallstep-accomp ./charts/smallstep-accomp --values ./values/smallstep-accomp/prod-values.example.yaml
helm upgrade --install --wait --timeout=15m0s ingress-nginx-controller ./charts/ingress-nginx-controller --values ./values/ingress-nginx-controller/hetzner-ci.example.yaml
helm upgrade --install --wait smallstep-accomp ./charts/smallstep-accomp --values ./values/smallstep-accomp/prod-values.example.yaml
helm upgrade --install --wait ingress-nginx-controller ./charts/ingress-nginx-controller --values ./values/ingress-nginx-controller/hetzner-ci.example.yaml

echo "Printing all pods status: "
kubectl get pods --all-namespaces -o wide
#./bin/debug_logs.sh
sleep 1m
./bin/debug_logs.sh
# TODO: Requires certs; which we do not have in CI/CD at this point. future work =) (Would need cert-manager in offline package. That'd be neat)
# helm upgrade --install --wait nginx-ingress-services ./charts/nginx-ingress-services --values ./values/nginx-ingress-services/values.yaml --values ./values/nginx-ingress-services/secrets.yaml
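Review bot: `./bin/debug_logs.sh` now runs on every invocation and its output goes straight to the job log; the script body is not part of this page, so if it prints pod logs or resource descriptions, any credentials or connection strings in them become readable by everyone who can read the CI logs. Gating the call keeps the diagnostic available without changing normal runs, for example `if [ "${DEBUG_LOGS:-0}" = "1" ]; then ./bin/debug_logs.sh; fi` (the variable name is only a suggestion). The fixed `sleep 15m` and `sleep 10m` after `helm upgrade --wait --timeout=30m0s` add 25 minutes to every run regardless of cluster state. If this file is also the operator-facing install script, which cannot be confirmed from this page, a comment saying what the sleeps wait for would help, or they could sit behind the same switch.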
14 changes: 14 additions & 0 deletions bin/offline-secrets.sh
Expand Up @@ -31,6 +31,9 @@ brig:
secret: "$zrest"
awsKeyId: dummykey
awsSecretKey: dummysecret
rabbitmq:
username: wire-server
password: verysecurepassword
# These are only necessary if you wish to support sign up via SMS/calls
# And require accounts at twilio.com / nexmo.com
setTwilio: |-
Expand All @@ -39,6 +42,11 @@ brig:
setNexmo: |-
key: "dummy"
secret: "dummy"
cannon:
secrets:
rabbitmq:
username: wire-server
password: verysecurepassword
cargohold:
secrets:
awsKeyId: "$minio_access_key"
Expand All @@ -47,10 +55,16 @@ galley:
secrets:
awsKeyId: dummykey
awsSecretKey: dummysecret
rabbitmq:
username: wire-server
password: verysecurepassword
gundeck:
secrets:
awsKeyId: dummykey
awsSecretKey: dummysecret
rabbitmq:
username: wire-server
password: verysecurepassword
nginz:
secrets:
zAuth:
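Review bot: The four added `rabbitmq` blocks (brig, cannon, galley, gundeck) write the fixed pair `wire-server` / `verysecurepassword` into the generated secrets, while neighbouring entries in the same generated YAML come from shell variables (`"$zrest"`, `"$minio_access_key"`), so every install produced by this script shares one publicly known broker password. The rabbitmq chart is installed in `bin/offline-helm.sh` from `./values/rabbitmq/prod-secrets.example.yaml`, so the fix has to cover both sides: generate one value here, e.g. `password: "$rabbitmq_password"`, and feed the same value to the rabbitmq release. How the existing variables are generated lies outside the hunk, so the new variable should follow whatever that code does. `values/wire-server/prod-secrets.example.yaml` gains the same literal for cannon and gundeck; there a comment like `# example only: must match the rabbitmq chart credentials, change before deploying` would be enough.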
6 changes: 3 additions & 3 deletions offline/ci.sh
Expand Up @@ -3,8 +3,8 @@ set -euo pipefail

INCREMENTAL="${INCREMENTAL:-0}"

# Default exclude list
HELM_CHART_EXCLUDE_LIST="inbucket"
# Default exclude list, temporary wire-server-enterprise exclusion due to access privileges
HELM_CHART_EXCLUDE_LIST="inbucket,wire-server-enterprise"

# Parse the HELM_CHART_EXCLUDE_LIST argument
for arg in "$@"
Expand Down Expand Up @@ -156,7 +156,7 @@ wire_build_chart_release () {
wire_build="$1"
curl "$wire_build" | jq -r --argjson HELM_CHART_EXCLUDE_LIST "$HELM_CHART_EXCLUDE_LIST" '
.helmCharts
| with_entries(select([.key] | inside($HELM_CHART_EXCLUDE_LIST) | not))
| with_entries(select(.key as $k | $HELM_CHART_EXCLUDE_LIST | index($k) | not))
| to_entries
| map("\(.key) \(.value.repo) \(.value.version)")
| join("\n")
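Review bot: In `wire_build_chart_release`, `index($k)` is an exact-element test only when `$HELM_CHART_EXCLUDE_LIST` is a JSON array at that point; on a JSON string it is a substring search, and `wire-server` is a substring of the newly added `wire-server-enterprise`, so the main chart would be dropped as well. The code that turns the comma-separated default into what `--argjson` receives lies between the two hunks and is not shown, so this is worth confirming. `select(.key | IN($HELM_CHART_EXCLUDE_LIST[]) | not)` (jq 1.6 or later) states the intent directly and errors out instead of matching loosely if the variable is ever not an array. The comment calls the exclusion temporary; a reference to where the access problem is tracked would make it possible to tell when it can be removed.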
9 changes: 9 additions & 0 deletions values/wire-server/prod-secrets.example.yaml
Expand Up @@ -28,6 +28,12 @@ brig:
# username: wire-server
# password: verysecurepassword

cannon:
secrets:
rabbitmq:
username: wire-server
password: verysecurepassword

cargohold:
secrets:
# these only need to be changed if using real AWS services
Expand All @@ -49,6 +55,9 @@ gundeck:
# these only need to be changed if using real AWS services
awsKeyId: dummykey
awsSecretKey: dummysecret
rabbitmq:
username: wire-server
password: verysecurepassword

proxy:
secrets:
4 changes: 4 additions & 0 deletions values/wire-server/prod-values.example.yaml
Expand Up @@ -258,3 +258,7 @@ legalhold:
federator:
tls:
useSharedFederatorSecret: true

background-worker:
config:
enableFederation: false