Update test-deployer.yml


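---
# Test Deployer: for each deployer design, provision EC2 instances with
# OpenTofu, run the itential.deployer collection against them, validate the
# resulting services and tear the instances down again.
name: Test Deployer

on:
  push:
    branches:
      - pipeline-test

# The job only needs to check the repository out with GITHUB_TOKEN; every other
# credential is an explicitly named secret below, so keep the token read-only.
permissions:
  contents: read

jobs:
  test-deployer:
    runs-on: self-hosted
    container:
      image: ghcr.io/catthehacker/ubuntu:act-latest
    env:
      # Host key checking is disabled because the EC2 targets are created fresh
      # on every run and their host keys are not known in advance. The same
      # GIT_SSH_COMMAND is used for the GitLab clone, which is a fixed host, so
      # that clone is not protected against host impersonation either.
      ANSIBLE_HOST_KEY_CHECKING: "False"
      GIT_SSH_COMMAND: ssh -i ~/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
      PIP_BREAK_SYSTEM_PACKAGES: "1"
    timeout-minutes: 60
    strategy:
      matrix:
        design: [aio, minimal, ha2, asa]
      # Keep the other designs running when one fails so every design gets a
      # result (and a teardown) per run.
      fail-fast: false
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install jq
        run: apt update && apt install -y jq

      - name: Install Python
        # get-pip.py is fetched unpinned from bootstrap.pypa.io on every run and
        # executed as-is; the installed pip version is therefore whatever is
        # current at run time.
        run: |
          apt install -y python3
          wget https://bootstrap.pypa.io/get-pip.py && python3 get-pip.py && rm get-pip.py
          ln -s /usr/bin/python3 /usr/bin/python || true
          ln -s /usr/bin/pip3 /usr/bin/pip || true

      # - name: Setup Python
      #   uses: actions/[email protected]
      #   with:
      #     python-version: 3.12

      - name: Install OpenTofu
        uses: opentofu/setup-opentofu@v1
        with:
          # "latest" floats; pin a version here if runs must be reproducible.
          tofu_version: latest

      - name: Install Ansible
        run: |
          pip install "ansible>=9.0.0,<10.0.0" "ansible-core>=2.11,<2.17"
          ansible --version

      - name: Install this collection
        run: ansible-galaxy collection install . --force

      - name: Download Platform and Gateway binaries
        # These two secrets hold complete shell commands and are expanded into
        # the script on purpose; whoever can set them can run arbitrary commands
        # on this runner, so they must stay under repository-admin control.
        run: |
          cd ~/.ansible/collections/ansible_collections/itential/deployer/playbooks
          mkdir -p files
          cd files
          ${{ secrets.PLATFORM_RPM_DOWNLOAD_COMMAND }}
          ${{ secrets.GATEWAY_WHL_DOWNLOAD_COMMAND }}

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
          aws-region: ${{ vars.AWS_REGION || 'us-east-1' }}

      - name: Setup SSH for GitLab and EC2
        # Key material is passed through the environment instead of being
        # interpolated into the script text with ${{ }}, and umask 077 makes
        # ~/.ssh and the key files private from creation rather than only after
        # the chmod that follows.
        env:
          GITLAB_SSH_KEY: ${{ secrets.GITLAB_SSH_KEY }}
          EC2_SSH_KEY: ${{ secrets.EC2_SSH_KEY }}
        run: |
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$GITLAB_SSH_KEY" > ~/.ssh/id_rsa
          printf '%s\n' "$EC2_SSH_KEY" > ~/.ssh/pet-east1.open.pem
          chmod 600 ~/.ssh/id_rsa
          chmod 600 ~/.ssh/pet-east1.open.pem

      - name: Clone Themis repository
        # Cloned next to the workspace, not inside it, so the later
        # ../themis working directories resolve.
        working-directory: ".."
        env:
          THEMIS_REPO_SSH_STRING: ${{ secrets.THEMIS_REPO_SSH_STRING }}
        run: |
          rm -rf themis
          git clone "$THEMIS_REPO_SSH_STRING"
          cd themis
          ls -la

      - name: Install Themis Python script dependencies
        working-directory: ../themis
        run: pip install -r scripts/requirements.txt

      - name: Initialize OpenTofu
        working-directory: ../themis/tofu_aws
        run: tofu init

      - name: Provision EC2 instances for ${{ matrix.design }} design
        working-directory: ../themis/tofu_aws
        run: tofu apply -var-file=tfvars/${{ matrix.design }}.tfvars -auto-approve

      - name: Generate Ansible inventory hosts file
        working-directory: ../themis/tofu_aws
        run: python3 ../scripts/generate_inventory.py -o hosts.json

      - name: Configure Ansible to make all errors fatal
        run: |
          cat > ~/.ansible.cfg << 'EOF'
          [defaults]
          any_errors_fatal = True
          max_fail_percentage = 0
          EOF

      - name: Create Ansible playbook to wait for EC2 instances to be ready
        working-directory: ../themis
        # The heredoc is quoted ('EOF'), so the {{ }} inside it is left for
        # Ansible/Jinja and is not expanded by the shell or by GitHub.
        run: |
          cat > wait-for-instances.yml << 'EOF'
          ---
          - name: Wait for instances to initialize
            hosts: all
            gather_facts: false
            become: false
            serial: "{{ ansible_serial | default(10) }}"
            vars:
              ssh_port: 22
            tasks:
              - name: Wait for SSH connection to be ready
                ansible.builtin.wait_for_connection:
                  delay: 10
                  timeout: 60

              - name: Wait for cloud-init to complete (marker file check)
                ansible.builtin.wait_for:
                  path: /var/log/cloud-init-finished.marker
                  timeout: 60
                become: true

              - name: Update all packages
                ansible.builtin.dnf:
                  name: "*"
                  state: latest
                  update_cache: true
                become: true

              - name: Clean DNF cache
                ansible.builtin.dnf:
                  autoremove: true
                  clean: all
                become: true

              - name: Rebuild DNF cache
                ansible.builtin.dnf:
                  update_cache: true
                become: true
          EOF

      - name: Wait for EC2 instances to be ready
        working-directory: ../themis
        run: |
          ansible-playbook wait-for-instances.yml -i tofu_aws/hosts.json -i inventories/common -i inventories/${{ matrix.design }} -v --key-file=~/.ssh/pet-east1.open.pem

      - name: Run deployer on created instances
        working-directory: ../themis
        run: ansible-playbook itential.deployer.site -i tofu_aws/hosts.json -i inventories/common -i inventories/${{ matrix.design }} -v --key-file=~/.ssh/pet-east1.open.pem

      # The validation steps read the generated inventory; the *_secondary and
      # *_arbiter groups exist only in some designs, hence the `// []` fallback.
      - name: Verify that Platform is running correctly
        working-directory: ../themis
        run: |
          for host in $(jq -r '.all.children.platform.hosts[] | .ansible_host' tofu_aws/hosts.json); do
            python3 scripts/validate.py platform "http://$host:3000"
          done
          for host in $(jq -r '(.all.children.platform_secondary.hosts // [])[] | .ansible_host' tofu_aws/hosts.json); do
            python3 scripts/validate.py platform "http://$host:3000"
          done

      - name: Verify that Gateway is running correctly
        working-directory: ../themis
        run: |
          for host in $(jq -r '.all.children.gateway.hosts[] | .ansible_host' tofu_aws/hosts.json); do
            python3 scripts/validate.py gateway "http://$host:8083"
          done

      - name: Verify that Redis is running correctly
        working-directory: ../themis
        run: |
          for host in $(jq -r '.all.children.redis.hosts[] | .ansible_host' tofu_aws/hosts.json); do
            python3 scripts/validate.py redis "$host"
          done
          for host in $(jq -r '(.all.children.redis_secondary.hosts // [])[] | .ansible_host' tofu_aws/hosts.json); do
            python3 scripts/validate.py redis "$host"
          done

      - name: Verify that MongoDB is running correctly
        working-directory: ../themis
        run: |
          for host in $(jq -r '.all.children.mongodb.hosts[] | .ansible_host' tofu_aws/hosts.json); do
            python3 scripts/validate.py mongodb "$host"
          done
          for host in $(jq -r '(.all.children.mongodb_arbiter.hosts // [])[] | .ansible_host' tofu_aws/hosts.json); do
            python3 scripts/validate.py mongodb "$host" --arbiter
          done

      - name: Tear down EC2 instances
        # Runs even when an earlier step failed or the job was cancelled so the
        # instances are not left running.
        if: always()
        working-directory: ../themis/tofu_aws
        run: tofu destroy -var-file=tfvars/${{ matrix.design }}.tfvars -auto-approve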