From c650de85e5c102f0c907e2f66091932f57a3c6bb Mon Sep 17 00:00:00 2001
From: Leonhardt Wille
Date: Wed, 25 Sep 2024 17:24:00 +0200
Subject: [PATCH 1/6] fix(offline-build): remove internal-use helm charts related to WPB-11283
---
 offline/ci.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/offline/ci.sh b/offline/ci.sh
index 5d403e51d..65f1346fd 100755
--- a/offline/ci.sh
+++ b/offline/ci.sh
@@ -4,7 +4,7 @@ set -euo pipefail
 INCREMENTAL="${INCREMENTAL:-0}"
 # Default exclude list
-HELM_CHART_EXCLUDE_LIST="inbucket"
+HELM_CHART_EXCLUDE_LIST="aws-ingress,backoffice,calling-test,fluent-bit,inbucket,k8ssandra-test-cluster,kibana,nginx-ingress-controller,restund"
 # Parse the HELM_CHART_EXCLUDE_LIST argument
 for arg in "$@"
From 3ecb08b2bb3c65f373046314ec99ae9ccf3a58fe Mon Sep 17 00:00:00 2001
From: Leonhardt Wille
Date: Thu, 26 Sep 2024 12:16:46 +0200
Subject: [PATCH 2/6] chore: update build.json link for SP1
---
 offline/ci.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/offline/ci.sh b/offline/ci.sh
index 8a422464a..5e3fe74b2 100755
--- a/offline/ci.sh
+++ b/offline/ci.sh
@@ -202,7 +202,7 @@ pull_charts() {
 echo "Pulling charts done."
 }
-wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/c5729427af29609b904958e2d369573bae3daac6/build.json"
+wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/a09d9ce86def35784fece9ade9fcbc62b87303c5/build.json"
 wire_build_chart_release "$wire_build" | pull_charts
 # Uncomment if you want to create non-wire-build release
From 5b7b2c3bdc8f4462d65b5a9c762c5167c29620d4 Mon Sep 17 00:00:00 2001
From: Stefan Matting
Date: Thu, 26 Sep 2024 15:15:56 +0200
Subject: [PATCH 3/6] bump wire-builds link
---
 offline/ci.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/offline/ci.sh b/offline/ci.sh
index 5e3fe74b2..1ecd77f3e 100755
--- a/offline/ci.sh
+++ b/offline/ci.sh
@@ -202,7 +202,7 @@ pull_charts() {
 echo "Pulling charts done."
 }
-wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/a09d9ce86def35784fece9ade9fcbc62b87303c5/build.json"
+wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/5c138d5ac8d5aea8e2e6270c7c836ba5bc28c2ae/build.json"
 wire_build_chart_release "$wire_build" | pull_charts
 # Uncomment if you want to create non-wire-build release
From 4f99376257323df5f541999933091c49548e1fbc Mon Sep 17 00:00:00 2001
From: Stefan Matting
Date: Thu, 26 Sep 2024 16:42:01 +0200
Subject: [PATCH 4/6] bump wire-build
---
 offline/ci.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/offline/ci.sh b/offline/ci.sh
index 1ecd77f3e..da7449e6e 100755
--- a/offline/ci.sh
+++ b/offline/ci.sh
@@ -202,7 +202,7 @@ pull_charts() {
 echo "Pulling charts done."
 }
-wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/5c138d5ac8d5aea8e2e6270c7c836ba5bc28c2ae/build.json"
+wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/4ec9c06fecc0d13aa62f25f719da48a3a48bd514/build.json"
 wire_build_chart_release "$wire_build" | pull_charts
 # Uncomment if you want to create non-wire-build release
From 35323caaca5bcbc57149706647ce8e770af73a83 Mon Sep 17 00:00:00 2001
From: Stefan Matting
Date: Mon, 30 Sep 2024 14:27:00 +0200
Subject: [PATCH 5/6] automation: disable cleaning up of CD environment
---
 .github/workflows/offline.yml | 10 +++++-----
 offline/cd.sh | 10 +++++-----
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/offline.yml b/.github/workflows/offline.yml
index 2bd9a518a..ef4c38b32 100644
--- a/.github/workflows/offline.yml
+++ b/.github/workflows/offline.yml
@@ -63,10 +63,10 @@ jobs:
 env:
 HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
- - name: Clean up hetzner environment; just in case
- if: always()
- run: (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init && terraform destroy -auto-approve)
- env:
- HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
+ # - name: Clean up hetzner environment; just in case
+ # if: always()
+ # run: (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init && terraform destroy -auto-approve)
+ # env:
+ # HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
diff --git a/offline/cd.sh b/offline/cd.sh
index 6b8bee6f1..c818816d9 100755
--- a/offline/cd.sh
+++ b/offline/cd.sh
@@ -2,11 +2,11 @@
 set -euo pipefail
-function cleanup {
- (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform destroy -auto-approve)
- echo done
-}
-trap cleanup EXIT
+# function cleanup {
+# (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform destroy -auto-approve)
+# echo done
+# }
+# trap cleanup EXIT
 (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init ; terraform apply -auto-approve )
 adminhost=$(cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform output adminhost)
 adminhost="${adminhost//\"/}" # remove extra quotes around the returned string
From 78609b4f105b7fd94f19c1a4aefe6efef1afe420 Mon Sep 17 00:00:00 2001
From: Stefan Matting
Date: Mon, 30 Sep 2024 15:34:18 +0200
Subject: [PATCH 6/6] WIP
---
 ansible/hetzner-single-deploy.yml | 8 +++---
 ansible/inventory.yaml | 1 +
 bin/autodeploy.sh | 47 ++++++++++++++++++++-----------
 bin/offline-vm-setup.sh | 2 +-
 4 files changed, 37 insertions(+), 21 deletions(-)
 create mode 100644 ansible/inventory.yaml
diff --git a/ansible/hetzner-single-deploy.yml b/ansible/hetzner-single-deploy.yml
index 3c446f58c..9970b7d39 100644
--- a/ansible/hetzner-single-deploy.yml
+++ b/ansible/hetzner-single-deploy.yml
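Review bot: With the `Clean up hetzner environment` step commented out here, and `trap cleanup EXIT` commented out in the offline/cd.sh hunk of the same commit, nothing visible in this patch runs `terraform destroy` any more, so each CD run leaves the hosts created by `terraform apply -auto-approve` up until someone removes them by hand. That means ongoing cost, test hosts that stay reachable for an unbounded time, and later runs that start from whatever state the previous run left behind. If the aim is to keep a failed environment for debugging, gate the teardown rather than deleting it, for example `[[ "${KEEP_CD_ENV:-0}" == 1 ]] || trap cleanup EXIT` in cd.sh (`KEEP_CD_ENV` is a placeholder name) with a matching condition next to `always()` on the workflow step. If it stays disabled, replace the commented-out code with a one-line comment saying why cleanup is off and who tears the environment down.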
@@ -1,9 +1,9 @@
 - hosts: all
 become: true
 vars:
- artifact_hash: d8fe36747614968ea73ebd43d47b99364c52f9c1
- ubuntu_version: 22.04.4
- ssh_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPTGTo1lTqd3Ym/75MRyQvj8xZINO/GI6FzfIadSe5c backend+hetzner-dedicated-operator@wire.com"
+ artifact_hash: dd7b682ba14c65116fa9a87b1dc80787bbad16bb
+ ubuntu_version: 22.04.5
+ ssh_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBantLLGJX/7S6zT+ixyNdQ81XSboOkErYo7Bi9tUIwX"
 tasks:
 - name: set ipv4 forward
 sysctl:
@@ -40,7 +40,7 @@
 - docker.io
 - telnet
 - python3-lxml
- - qemu
+ - qemu-system-x86
 - qemu-kvm
 - qemu-utils
 - libvirt-clients
diff --git a/ansible/inventory.yaml b/ansible/inventory.yaml
new file mode 100644
index 000000000..f48d0a9e4
--- /dev/null
+++ b/ansible/inventory.yaml
@@ -0,0 +1 @@
+webapp.wiab-autodeploy.wire.link
diff --git a/bin/autodeploy.sh b/bin/autodeploy.sh
index 31c077b19..b5f5083b0 100755
--- a/bin/autodeploy.sh
+++ b/bin/autodeploy.sh
@@ -2,6 +2,17 @@
 # shellcheck disable=SC2087
 set -Eeuo pipefail
+
+#
+# Problems discovered while running this script
+#
+# - on first run "virsh" not found. This seems to be installed only later
+# - change cleanup user logic: user should specify whether to clean. The script should warn if it's not in clean state, but never die
+# - if `bash bin/offline-vm-setup.sh` fails then this script doesn't seem to notice it
+# - the `offline-vm-setup.sh` seems to stop the python server before the vm installation can make use of it. Probably the virsh install commands run in the background and don't block the main script long enough for the python server to be still alive
+#
+#
+
 msg() {
 echo >&2 -e "${1-}"
 }
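Review bot: The new `ssh_pubkey` value in the first hunk drops the trailing comment that identified the old key (`backend+hetzner-dedicated-operator@wire.com`), so nothing on this line says whose key is being placed on the host. The tasks that consume the variable are outside the hunk, but presumably it ends up in an authorized_keys file, and in a commit titled WIP this reads like a personal key swapped in for a test run. Keep the operator key as the committed default and pass a different one per run with `-e ssh_pubkey="..."`, or at minimum keep an owner comment at the end of the key string.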
@@ -28,7 +39,7 @@ Running the script without any arguments requires one interaction - confirming t
 For CI usage, it's recommended to invoke "--force-redeploy". It is likely desirable to invoke the script with "--artifact-hash" and / or "--target-domain" as well. These are the hardcoded fallback values:
- * artifact-hash = 5c06158547bc57846eadaa2be5c813ec43be9b59
+ * artifact-hash = dd7b682ba14c65116fa9a87b1dc80787bbad16bb
 * target-domain = wiab-autodeploy.wire.link
 Available options:
@@ -78,7 +89,7 @@ parse_params() {
 parse_params "$@"
-ARTIFACT_HASH="${ARTIFACT_HASH:-5c06158547bc57846eadaa2be5c813ec43be9b59}"
+ARTIFACT_HASH="${ARTIFACT_HASH:-dd7b682ba14c65116fa9a87b1dc80787bbad16bb}"
 TARGET_SYSTEM="${TARGET_SYSTEM:-wiab-autodeploy.wire.link}"
 FORCE_REDEPLOY="${FORCE_REDEPLOY:-0}"
 SUBDOMAINS="account assets coturn federator inbucket nginz-https nginz-ssl sft teams webapp"
@@ -104,14 +115,14 @@ if ssh -q -o ConnectTimeout=5 -p "$SSH_PORT" "$SSH_USER"@webapp."$TARGET_SYSTEM"
 msg ""
 msg "INFO: Successfully logged into $TARGET_SYSTEM as $SSH_USER"
 else
- die "ERROR: Can't log into $TARGET_SYSTEM via SSH, please check SSH connectivity."
+ die "ERROR: Can't log into webapp.$TARGET_SYSTEM via SSH, please check SSH connectivity."
 fi
-if curl --head --silent --fail https://s3-eu-west-1.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-"$ARTIFACT_HASH".tgz >/dev/null 2>&1 ; then
- msg "INFO: Artifact exists https://s3-eu-west-1.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-$ARTIFACT_HASH.tgz"
-else
- die "ERROR: No artifact found via https://s3-eu-west-1.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-$ARTIFACT_HASH.tgz"
-fi
+# if curl --head --silent --fail https://s3-eu-west-1.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-"$ARTIFACT_HASH".tgz >/dev/null 2>&1 ; then
+# msg "INFO: Artifact exists https://s3-eu-west-1.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-$ARTIFACT_HASH.tgz"
+# else
+# die "ERROR: No artifact found via https://s3-eu-west-1.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-$ARTIFACT_HASH.tgz"
+# fi
 system_cleanup_meta() {
 msg ""
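Review bot: Commenting out the `curl --head` pre-flight means a mistyped or unpublished `ARTIFACT_HASH` is no longer caught on the operator's machine; the failure now surfaces only wherever the tarball is actually fetched, which is outside this hunk. If the check was removed because the new default hash is not published at that URL, downgrade it to a warning instead of deleting it, e.g. replace the `die` in the else branch with `msg "WARN: no artifact found for $ARTIFACT_HASH"`. The check only ever proved that the object exists; nothing in the visible lines compares the downloaded archive against an expected digest, so a checksum step next to the download would be the stronger control.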
@@ -126,12 +137,15 @@ system_cleanup
 EOT
 }
+# TODO:: Check if virsh is available. If not (fresh install) then you don't need to check
+# for
 system_cleanup() {
- for VM in $(virsh list --all --name); do virsh destroy "$VM"; virsh undefine "$VM" --remove-all-storage; done
- docker system prune -a -f
- rm -f /home/$DEMO_USER/.ssh/known_hosts
- rm -rf /home/$DEMO_USER/wire-server-deploy
- rm -f /home/$DEMO_USER/wire-server-deploy-static-*.tgz
+ echo "doing nothing"
+ # for VM in $(virsh list --all --name); do virsh destroy "$VM"; virsh undefine "$VM" --remove-all-storage; done
+ # docker system prune -a -f
+ # rm -f /home/$DEMO_USER/.ssh/known_hosts
+ # rm -rf /home/$DEMO_USER/wire-server-deploy
+ # rm -f /home/$DEMO_USER/wire-server-deploy-static-*.tgz
 }
 preprovision_hetzner() {
@@ -144,12 +158,14 @@ preprovision_hetzner() {
 }
 remote_deployment() {
+ set -e
 msg() {
 echo >&2 -e "${1-}"
 }
 cd $SCRIPT_DIR &>/dev/null || exit 1
 bash bin/offline-vm-setup.sh
+
 msg ""
 while sudo virsh list --all | grep -Fq running; do
 sleep 20
@@ -170,8 +186,7 @@ remote_deployment() {
 ZAUTH_CONTAINER=$(sudo docker load -i "$SCRIPT_DIR"/containers-adminhost/quay.io_wire_zauth_*.tar | awk '{print $3}')
 export ZAUTH_CONTAINER
 WSD_CONTAINER=$(sudo docker load -i "$SCRIPT_DIR"/containers-adminhost/container-wire-server-deploy.tgz | awk '{print $3}')
- d() {
- sudo docker run --network=host -v "${SSH_AUTH_SOCK:-nonexistent}":/ssh-agent -e SSH_AUTH_SOCK=/ssh-agent -v "$HOME"/.ssh:/root/.ssh -v "$PWD":/wire-server-deploy "$WSD_CONTAINER" "$@"
+ d() { sudo docker run --network=host -v "${SSH_AUTH_SOCK:-nonexistent}":/ssh-agent -e SSH_AUTH_SOCK=/ssh-agent -v "$HOME"/.ssh:/root/.ssh -v "$PWD":/wire-server-deploy "$WSD_CONTAINER" "$@"
 }
 export -f d
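Review bot: `system_cleanup()` now only prints "doing nothing", yet it keeps its name and is still what gets invoked on the remote host (the `system_cleanup` call before `EOT` is visible in the hunk header), so a forced redeploy presumably reports a cleanup that never ran. Old VMs, the previous `known_hosts` and earlier `wire-server-deploy` trees then stay on the host and mix with the new deployment. Going by the TODO above the function, the real problem is a fresh host without virsh; wrapping only the VM loop in `if command -v virsh >/dev/null; then ... fi` handles that without switching off the docker and file cleanup. If cleanup has to stay off for now, make the message say that it was skipped and why.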
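Review bot: The `set -e` added at the top of `remote_deployment()` does not cover the pipelines further down in the same function: in `ZAUTH_CONTAINER=$(sudo docker load -i ... | awk '{print $3}')` and the `WSD_CONTAINER` line (context of the following hunk) the exit status is awk's, so a failed `docker load` still yields an empty image name and the script carries on into `docker run`. An explicit check right after each assignment closes that gap, e.g. `[[ -n "$WSD_CONTAINER" ]] || { msg "ERROR: docker load failed"; exit 1; }`. The function body starts and continues outside the visible hunks, so other unchecked pipelines may exist.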
@@ -405,7 +420,7 @@ if [ "$DO_SYSTEM_CLEANUP" = true ] && [ "$FORCE_REDEPLOY" = 1 ]; then fi msg "INFO: Commencing Wire-in-a-box deployment on $TARGET_SYSTEM." -preprovision_hetzner +# preprovision_hetzner ssh -p "$SSH_PORT" "$DEMO_USER"@webapp."$TARGET_SYSTEM" "bash -s" <