Merge branch 'master' into 137-bootstrap-cli-script

d36d47e5 · Varac · 708a23be · 4d589e5b · d36d47e5 · d36d47e5
Verified Commit d36d47e5 authored 5 years ago by Varac
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -17,17 +17,14 @@ variables:
 ci_test_image:
  stage: build
-  variables:
+  image:
-    DOCKER_DRIVER: overlay2
+    # We need a shell to provide the registry credentials, so we need to use the
-  image: docker:stable
+    # kaniko debug image (https://github.com/GoogleContainerTools/kaniko#debug-image)
-  services:
+    name: gcr.io/kaniko-project/executor:debug
-    - docker:18-dind  # FIXME This is an older version of DIND. Update when gitlab-runner fixes https://gitlab.com/gitlab-org/gitlab-runner/issues/4501
+    entrypoint: [""]
-  before_script:
-    - docker info
  script:
-    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
-    - docker build -t ${CI_REGISTRY_IMAGE}/openappstack-ci:${CI_COMMIT_REF_NAME} .
+    - /kaniko/executor --context ${CI_PROJECT_DIR} --dockerfile ${CI_PROJECT_DIR}/Dockerfile --destination $CI_REGISTRY_IMAGE/openappstack-ci:${CI_COMMIT_REF_NAME}
-    - docker push ${CI_REGISTRY_IMAGE}/openappstack-ci:${CI_COMMIT_REF_NAME}
  only:
    changes:
      - Dockerfile
@@ -55,6 +52,7 @@ bootstrap:
    when: always
  only:
    changes:
+      - .gitlab-ci.yml
      - ansible/**/*
      - helmfiles/**/*
      - test/**/*
@@ -81,6 +79,7 @@ install:
    expire_in: 1 month
  only:
    changes:
+      - .gitlab-ci.yml
      - ansible/**/*
      - helmfiles/**/*
      - test/**/*
@@ -97,6 +96,7 @@ testinfra:
    - pytest -v -m 'testinfra' --connection=ansible --ansible-inventory=../clusters/$HOSTNAME/inventory.yml --hosts='ansible://*'
  only:
    changes:
+      - .gitlab-ci.yml
      - ansible/**/*
      - helmfiles/**/*
      - test/**/*
@@ -116,6 +116,7 @@ certs:
    - pytest -s -m 'certs' --connection=ansible --ansible-inventory=../clusters/$HOSTNAME/inventory.yml --hosts='ansible://*'
  only:
    changes:
+      - .gitlab-ci.yml
      - ansible/**/*
      - helmfiles/**/*
      - test/**/*
@@ -134,6 +135,7 @@ behave-nextcloud:
  retry: 2
  only:
    changes:
+      - .gitlab-ci.yml
      - ansible/**/*
      - helmfiles/**/*
      - test/**/*
@@ -151,6 +153,7 @@ behave-grafana:
    when: on_failure
  only:
    changes:
+      - .gitlab-ci.yml
      - ansible/**/*
      - helmfiles/**/*
      - test/**/*
@@ -163,9 +166,10 @@ terminate:
    # Remove droplet after successful tests
    - echo "$CI_COMMIT_MESSAGE" | grep '!ci_dont_terminate' && echo 'Termination of droplet disabled in commit message.' || python3 -m openappstack $HOSTNAME --terminate
    # Remove droplet older than 2 days
-    - python3 -c "import openappstack.cosmos; openappstack.cosmos.terminate_droplets_by_name(\"^ci-\", 2)"
+    - python3 -c "import greenhost_cloud; greenhost_cloud.terminate_droplets_by_name(\"^ci-\", 2)"
  only:
    changes:
+      - .gitlab-ci.yml
      - ansible/**/*
      - helmfiles/**/*
      - test/**/*

--- a/ansible/bootstrap.yml
+++ b/ansible/bootstrap.yml
@@ -45,3 +45,7 @@
      tags: ['rke_configuration']
    - role: setup
      tags: ['setup']
+    - role: apps
+      tags: ['apps']
+    - role: finalize
+      tags: ['finalize']
--- a/ansible/group_vars/all/oas.yml
+++ b/ansible/group_vars/all/oas.yml
@@ -16,10 +16,13 @@ nextcloud_mariadb_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/ne
 nextcloud_mariadb_root_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/nextcloud_mariadb_root_password chars=ascii_letters') }}"
 grafana_admin_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/grafana_admin_password chars=ascii_letters') }}"
+# Kubernetes version
+kubernetes_version: "v1.14.3-rancher1-1"
 # git repo versions
 git_charts_version: 'HEAD'
 git_local_storage_version: 'HEAD'
-git_nextcloud_version: '897c800f7a1d632784d8dc721f34362d4e789743'
+git_nextcloud_version: '21aac1909edf5dc84eae067a536a16e16ca897fb'
 # Application versions
 # https://github.com/kubernetes-sigs/krew/releases
@@ -39,3 +42,10 @@ rke:
  # Also possible:
  # checksum: 'sha256:https://github.com/rancher/rke/releases/download/v0.2.4/sha256sum.txt'
  checksum: 'sha256:7c05727aa3d6f8c4b5f60b057f1fe7883af48d5a778e3b1668f178dda84883ee'
+cert_manager:
+  version: '0.9.1'
+  # cert-manager requires custom resource definitions applied before installing
+  # the helm chart. See https://hub.helm.sh/charts/jetstack/cert-manager for
+  # details
+  crd_version: '0.9'
--- a/ansible/roles/setup/tasks/cert-manager.yml
+++ b/ansible/roles/setup/tasks/cert-manager.yml
@@ -2,7 +2,7 @@
 - name: Install CRDs for cert-manager
  tags:
    - cert-manager
-  command: /snap/bin/kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.8/deploy/manifests/00-crds.yaml
+  command: '/snap/bin/kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-{{ cert_manager.crd_version }}/deploy/manifests/00-crds.yaml'
 - name: Prevent validation deadlock for cert-manager
  tags:

--- a/ansible/roles/apps/tasks/helmfiles.yml
+++ b/ansible/roles/apps/tasks/helmfiles.yml
+---
+- name: Clone nextcloud repo
+  tags:
+    - git
+  git:
+    repo: 'https://open.greenhost.net/openappstack/nextcloud'
+    dest: '{{ data_directory }}/source/repos/nextcloud'
+    version: '{{ git_nextcloud_version }}'
+- name: Clone local-storage repo
+  tags:
+    - git
+  git:
+    repo: 'https://open.greenhost.net/openappstack/local-storage'
+    dest: '{{ data_directory }}/source/repos/local-storage'
+    version: '{{ git_local_storage_version }}'
+- name: Apply helmfiles
+  tags:
+    - helmfile
+  environment:
+    - NEXTCLOUD_PASSWORD: "{{ nextcloud_password }}"
+    - NEXTCLOUD_MARIADB_PASSWORD: "{{ nextcloud_mariadb_password }}"
+    - NEXTCLOUD_MARIADB_ROOT_PASSWORD: "{{ nextcloud_mariadb_root_password }}"
+    - GRAFANA_ADMIN_PASSWORD: "{{ grafana_admin_password }}"
+  shell: /usr/local/bin/helmfile -b /snap/bin/helm -e oas -f {{ data_directory }}/source/helmfiles/helmfile.d/{{ item }}.yaml apply --suppress-secrets | sed 's/\x1B\[[0-9;]*[JKmsu]//g' >> {{ log_directory }}/helmfile.log
+  with_items: "{{ helmfiles }}"
+  when: item is not search("cert-manager")
--- a/ansible/roles/setup/tasks/helmfiles.yml
+++ b/ansible/roles/setup/tasks/helmfiles.yml
@@ -20,22 +20,6 @@
    version: '{{ git_charts_version }}'
  become: true
- name: Clone nextcloud repo
-  tags:
-    - git
-  git:
-    repo: 'https://open.greenhost.net/openappstack/nextcloud'
-    dest: '{{ data_directory }}/source/repos/nextcloud'
-    version: '{{ git_nextcloud_version }}'
- name: Clone local-storage repo
-  tags:
-    - git
-  git:
-    repo: 'https://open.greenhost.net/openappstack/local-storage'
-    dest: '{{ data_directory }}/source/repos/local-storage'
-    version: '{{ git_local_storage_version }}'
 - name: Create OAS namespaces
  tags:
    - kubernetes
@@ -85,15 +69,3 @@
    - helmfile
  shell: 'helm ls --failed --short | xargs -L1 helm delete --purge'
  when: helm_failed_deployments.stdout != ""
- name: Apply helmfiles
-  tags:
-    - helmfile
-    - tmp
-  environment:
-    - NEXTCLOUD_PASSWORD: "{{ nextcloud_password }}"
-    - NEXTCLOUD_MARIADB_PASSWORD: "{{ nextcloud_mariadb_password }}"
-    - NEXTCLOUD_MARIADB_ROOT_PASSWORD: "{{ nextcloud_mariadb_root_password }}"
-    - GRAFANA_ADMIN_PASSWORD: "{{ grafana_admin_password }}"
-  command: "/usr/local/bin/helmfile -b /snap/bin/helm -e oas -f {{ data_directory }}/source/helmfiles/helmfile.d/{{ item }}.yaml apply --suppress-secrets"
-  with_items: "{{ helmfiles }}"
--- a/ansible/roles/apps/tasks/main.yml
+++ b/ansible/roles/apps/tasks/main.yml
+---
+- import_tasks: init.yml
+- import_tasks: cert-manager.yml
+- import_tasks: helmfiles.yml
--- a/ansible/roles/finalize/tasks/main.yml
+++ b/ansible/roles/finalize/tasks/main.yml
+---
+- import_tasks: sync_cluster_data.yml
--- a/ansible/roles/finalize/tasks/sync_cluster_data.yml
+++ b/ansible/roles/finalize/tasks/sync_cluster_data.yml
+---
+- name: Copy cluster information to local folder
+  tags:
+    - fetch
+    - rke
+    - kubectl
+    - helmfile
+  fetch:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    flat: yes
+  loop:
+    - src: "{{ data_directory }}/rke/kube_config_cluster.yml"
+      dest: "{{ secret_directory }}/kube_config_cluster.yml"
+    - src: "{{ log_directory }}/rke.log"
+      dest: cluster_data/rke.log
+    - src: "{{ data_directory }}/rke/cluster.yml"
+      dest: cluster_data/rke_cluster.yml
+    - src: "{{ log_directory }}/helmfile.log"
+      dest: cluster_data/helmfile.log
--- a/ansible/roles/rke_configuration/templates/cluster.yml.j2
+++ b/ansible/roles/rke_configuration/templates/cluster.yml.j2
@@ -72,7 +72,7 @@ authorization:
  mode: rbac
  options: {}
 ignore_docker_version: false
-kubernetes_version: "v1.13.5-rancher1-3"
+kubernetes_version: {{ kubernetes_version }}
 private_registries: []
 ingress:
  # Set this to none, so we can install nginx ourselves.

--- a/ansible/roles/setup/tasks/main.yml
+++ b/ansible/roles/setup/tasks/main.yml
@@ -2,6 +2,4 @@
 - import_tasks: ssh.yml
 - import_tasks: rke.yml
 - import_tasks: tiller.yml
- import_tasks: cert-manager.yml
- import_tasks: helmfiles.yml
 - import_tasks: krew.yml
--- a/ansible/roles/setup/tasks/rke.yml
+++ b/ansible/roles/setup/tasks/rke.yml
 ---
+- name: Check if there is an cluster.rkestate at the old location (/oas/control/local/rke/)
+  stat: path=/oas/control/local/rke/cluster.rkestate
+  register: old_cluster_rkestate
+- name: Move rke cluster state file from old to new location
+  command: mv /oas/control/local/rke/cluster.rkestate /var/lib/OpenAppStack/rke/cluster.rkestate
+  when: old_cluster_rkestate.stat.exists
 - name: Build Cluster
  tags:
    - rke
@@ -20,20 +29,3 @@
    state: link
    src: "{{ data_directory }}/rke/kube_config_cluster.yml"
    dest: /root/.kube/config
- name: Copy cluster information to local folder
-  tags:
-    - fetch
-    - rke
-    - kubectl
-  fetch:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    flat: yes
-  loop:
-    - src: "{{ data_directory }}/rke/kube_config_cluster.yml"
-      dest: "{{ cluster_dir }}/secrets/kube_config_cluster.yml"
-    - src: "{{ log_directory }}/rke.log"
-      dest: "{{ cluster_dir }}/rke.log"
-    - src: "{{ data_directory }}/rke/cluster.yml"
-      dest: "{{ cluster_dir }}/rke_cluster.yml"
--- a/helmfiles/helmfile.d/05-cert-manager.yaml
+++ b/helmfiles/helmfile.d/05-cert-manager.yaml
@@ -11,7 +11,7 @@ releases:
  - name: "oas-{{ .Environment.Values.releaseName }}-cert-manager"
    namespace: "cert-manager"
    chart: "jetstack/cert-manager"
-    version: "0.9.1"
+    version: '{{ cert_manager.version }}'
    values:
    - "../values/cert-manager.yaml.gotmpl"
    wait: false
--- a/helmfiles/helmfile.d/15-monitoring.yaml
+++ b/helmfiles/helmfile.d/15-monitoring.yaml
@@ -7,6 +7,7 @@ releases:
  - name: "oas-{{ .Environment.Values.releaseName }}-prometheus"
    namespace: "oas"
    chart: "stable/prometheus-operator"
+    version: 5.15.0
    values:
    - "../values/prometheus.yaml.gotmpl"
    - "/etc/OpenAppStack/values/apps/prometheus.yaml.gotmpl"

--- a/requirements.txt
+++ b/requirements.txt
@@ -7,7 +7,6 @@ openshift>=0.8.6
 # Needed for testinfra using the ansible module
 paramiko
 psutil>=5.5.0
-pycurl>=7.43.0.2
 pyopenssl>=19.0.0
 pytest>=4.3.0
 requests>=2.19.1
@@ -16,4 +15,4 @@ testinfra>=3.0.0
 setuptools>=40.6.2
 wheel>=0.33.1
 pytz>=2019.1
+-e git+https://open.greenhost.net/greenhost/cloud-api#egg=greenhost_cloud