Merge branch 'wait_for_cert_in_e2e_stage' into 'master'

Wait for LE cert in e2e CI stage Closes #53 See merge request openappstack/bootstrap!36

Merge branch 'wait_for_cert_in_e2e_stage' into 'master'
Wait for LE cert in e2e CI stage Closes #53 See merge request openappstack/bootstrap!36
d885300a · Maarten de Waard · bc4c6c68 · ce923073 · d885300a · d885300a
Commit d885300a authored 6 years ago by Maarten de Waard
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -34,8 +34,6 @@ bootstrap:
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - ANSIBLE_HOST_KEY_CHECKING=False python3 -u ./ci-bootstrap.py --create_droplet
-    # Wait for proper LE cert to get served
-    - timeout -t 1200 sh -c 'while ! curl --cacert ./letsencrypt_staging_bundle.pem -s https://auth.ci-${CI_PIPELINE_IID}.ci.openappstack.net/auth/ > /dev/null; do date; echo "Waiting for LE cert..."; sleep 5; done'
  cache:
    key: "$CI_PIPELINE_ID"
    paths:
@@ -68,10 +66,13 @@ behave:
  stage: e2e-test
  image: ${CI_REGISTRY_IMAGE}/bootstrap-ci
  script:
-    # Run behave tests
+    # Debug failing CI caches which happened in the past
+    - find . -name behave.ini
+    - ls -al test/behave
+    - grep -v 'keycloak.admin.password' test/behave/behave.ini
+    # Wait for proper LE cert to get served
+    - timeout -t 1200 sh -c 'while ! curl --cacert ./test/letsencrypt_staging_bundle.pem -s https://auth.ci-${CI_PIPELINE_ID}.ci.openappstack.net/auth/ > /dev/null; do date; echo "Waiting for LE cert..."; sleep 5; done'
    - cd test/behave/
-    - ls -al
-    - cat behave.ini | grep -v 'keycloak.admin.password'
    - behave -D headless=True --stop
  cache:
    key: "$CI_PIPELINE_ID"
@@ -90,4 +91,4 @@ terminate:
  script:
    # Remove droplet after successful tests
    - cd test/
-    - python3 -c "import cosmos; cosmos.terminate_droplets_by_name(\"^ci-${CI_PIPELINE_IID}\$\")"
+    - python3 -c "import cosmos; cosmos.terminate_droplets_by_name(\"^ci-${CI_PIPELINE_ID}\$\")"
--- a/ansible/roles/setup/tasks/main.yml
+++ b/ansible/roles/setup/tasks/main.yml
 ---

 - name: Create /oas/config/ssh_known_hosts
+  tags:
+    - ssh
  lineinfile:
    dest: /oas/config/ssh_known_hosts
    create: yes
@@ -8,70 +10,101 @@
    line: "{{ lookup('pipe', 'ssh-keyscan -trsa ' + ip_address) }}"

 - name: Build Cluster
+  tags:
+    - rke
  shell: /usr/local/bin/rke up --config=/oas/control/local/rke/cluster.yml >> /oas/logs/rke.log

 - name: Fetch /oas/logs/rke.log from cluster
+  tags:
+    - log
  fetch:
    src: /oas/logs/rke.log
    dest: ./rke.log
    flat: yes

 - name: Ensure /root/.kube directory
+  tags:
+    - kubectl
  file:
    state: directory
    path: /root/.kube

 - name: Link kubernetes config generated by rke
+  tags:
+    - kubectl
  file:
    state: link
    src: /oas/control/local/rke/kube_config_cluster.yml
    dest: /root/.kube/config

 - name: Install python3-pip
+  tags:
+    - package
  package:
    name: python3-pip

 # Needed for ansible k8s resource
 - name: Install openshift python module via pip3
+  tags:
+    - package
+    - pip
  pip:
    name: openshift
    executable: /usr/bin/pip3

 - name: Install Tiller
+  tags:
+    - tiller
  k8s:
    state: present
    definition: "{{ lookup('file', 'k8s-config/tiller-permissions.yml') }}"

 - name: Check if tiller is already instaled
+  tags:
+    - tiller
  command: /snap/bin/helm ls
  failed_when: false
  register: helm_ls
  changed_when: false

 - name: Initialize helm
+  tags:
+    - helm
  command: /snap/bin/helm init --service-account=tiller
  when: helm_ls.stderr.find('Error') != -1

 - name: Wait for tiller to become available
+  tags:
+    - tiller
  command: /snap/bin/kubectl rollout status -n kube-system deployment/tiller-deploy
  changed_when: false

 - name: Clone helmfiles repo
+  tags:
+    - git
+    - helm
+    - helmfile
  git:
    repo: 'https://code.greenhost.net/openappstack/helmfiles'
    dest: '/oas/source/repos/helmfiles'

 - name: Clone charts repo
+  tags:
+    - git
  git:
    repo: 'https://code.greenhost.net/openappstack/charts'
    dest: '/oas/source/repos/charts'

 - name: Clone local-storage repo
+  tags:
+    - git
  git:
    repo: 'https://code.greenhost.net/openappstack/local-storage'
    dest: '/oas/source/repos/local-storage'

 - name: Configure Keycloak realm configmap
+  tags:
+    - keycloak
  k8s:
    state: present
    namespace: default
@@ -79,6 +112,8 @@
    definition: "{{ lookup('file', 'k8s-config/realm.yml') }}"

 - name: Remove old Keycloak secret
+  tags:
+    - keycloak
  k8s:
    state: absent
    namespace: default
@@ -86,11 +121,17 @@
    name: "realm-secret"

 - name: Ensure /oas/config/values/apps directory
+  tags:
+    - config
+    - oas
  file:
    state: directory
    path: /oas/config/values/apps

 - name: Touch config file locations
+  tags:
+    - config
+    - oas
  file:
    state: touch
    path: "{{ item }}"
@@ -100,6 +141,9 @@
    - /oas/config/values/apps/keycloak.yaml

 - name: Apply helmfiles
+  tags:
+    - helmfile
+    - keycloak
  environment:
    - KEYCLOAK_PASSWORD: "{{ keycloak_password }}"
-  command: '/usr/local/bin/helmfile -b /snap/bin/helm -e oas -f /oas/source/repos/helmfiles/helmfile.d/ apply'
+  command: '/usr/local/bin/helmfile -b /snap/bin/helm -e oas -f /oas/source/repos/helmfiles/helmfile.d/ apply --suppress-secrets'
--- a/test/ci-bootstrap.py
+++ b/test/ci-bootstrap.py
@@ -116,11 +116,11 @@ if __name__ == "__main__":
        # - 411: ci, ed25519
        # - 407: varac

-        if "CI_PIPELINE_IID" in os.environ:
-            instance_id = os.environ['CI_PIPELINE_IID']
+        if "CI_PIPELINE_ID" in os.environ:
+            instance_id = os.environ['CI_PIPELINE_ID']
        else:
            # Use random generated ID in case we're not running in gitlab CI
-            # and there's no CI_PIPELINE_IID env var
+            # and there's no CI_PIPELINE_ID env var
            instance_id = ''.join(
                random.choice(string.ascii_lowercase + string.digits)
                for _ in range(10))