diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 3cbdcb4..3a67faf 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,4 +1,4 @@
-name: Deploy
+name: Deploy environment
 on:
 workflow_dispatch:
diff --git a/.github/workflows/redeploy-ml102.yml b/.github/workflows/redeploy-ml102.yml
new file mode 100644
index 0000000..d139d32
--- /dev/null
+++ b/.github/workflows/redeploy-ml102.yml
@@ -0,0 +1,125 @@
+name: Redploy ML102
+
+on:
+ workflow_dispatch:
+
+jobs:
+ redeploy_ml102:
+ concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+ runs-on: ubuntu-22.04
+ env:
+ OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+ OS_APPLICATION_CREDENTIAL_NAME: ${{ secrets.OS_APPLICATION_CREDENTIAL_NAME }}
+ OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }}
+ AWS_ROUTE53_KEY_ID: ${{ secrets.AWS_ROUTE53_KEY_ID }}
+ AWS_ROUTE53_SECRET_KEY: ${{ secrets.AWS_ROUTE53_SECRET_KEY }}
+ TF_VAR_key_pair: ${{ secrets.KEY_PAIR_NAME }}
+ TF_VAR_extra_public_keys: '${{ vars.EXTRA_PUBLIC_KEYS }}'
+ TF_VAR_vm_user: ubuntu
+ steps:
+ - uses: actions/checkout@v3
+ - uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_version: "1.6.3"
+ terraform_wrapper: false
+ - run: python --version
+
+ - name: Write private key file
+ run: |
+ import os
+ with open(os.environ['TF_VAR_key_file'], 'w') as fh:
+ fh.write(os.environ['PRIVATE_KEY_CONTENT'])
+ shell: python
+ env:
+ TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
+ PRIVATE_KEY_CONTENT: ${{ secrets.PRIVATE_KEY_CONTENT }}
+ - run: chmod 400 ${TF_VAR_key_file}
+ env:
+ TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
+
+ - name: Write clouds.yaml to temp dir
+ run: |
+ import os
+ with open(os.environ['CLOUDS_YAML_FILE'], 'w') as fh:
+ fh.write(os.environ['CLOUDS_YAML_CONTENT'])
+ shell: python
+ env:
+ CLOUDS_YAML_CONTENT: "${{ secrets.CLOUDS_YAML }}"
+ CLOUDS_YAML_FILE: "${{ runner.temp }}/clouds.yaml"
+ - name: Link clouds.yaml
+ run: |
+ mkdir -p ~/.config/openstack
+ ln -s ${CLOUDS_YAML_FILE} ~/.config/openstack/clouds.yaml
+ env:
+ CLOUDS_YAML_FILE: "${{ runner.temp }}/clouds.yaml"
+
+ - run: echo "GITHUB_REF = $GITHUB_REF"
+ - run: echo "GITHUB_REF_NAME = $GITHUB_REF_NAME"
+ - run: echo "GITHUB_HEAD_REF = $GITHUB_HEAD_REF"
+ - run: echo "GITHUB_BASE_REF = $GITHUB_BASE_REF"
+ - run: echo "GITHUB_EVENT_NAME = $GITHUB_EVENT_NAME"
+
+ - name: Write ansible config file to temp dir
+ run: |
+ cp ondemand-config.yml.example ${ONDEMAND_CONFIG_FILE}
+ sed -i'' "s/CHANGEME_KEYCLOAK_ADMIN_PASSWORD/$KEYCLOAK_ADMIN_PASSWORD/" ${ONDEMAND_CONFIG_FILE}
+ sed -i'' "s/CHANGEME_LDAP_ADMIN_PASSWORD/$LDAP_ADMIN_PASSWORD/" ${ONDEMAND_CONFIG_FILE}
+ sed -i'' "s/CHANGEME_OIDC_CRYPTO_PASSPHRASE/$OIDC_CRYPTO_PASSPHRASE/" ${ONDEMAND_CONFIG_FILE}
+ sed -i'' "s/CHANGEME_OPENSTACK_SSH_KEY_NAME/$KEY_PAIR_NAME/" ${ONDEMAND_CONFIG_FILE}
+ working-directory: vars
+ env:
+ KEYCLOAK_ADMIN_PASSWORD: '${{ secrets.KEYCLOAK_ADMIN_PASSWORD }}'
+ LDAP_ADMIN_PASSWORD: '${{ secrets.LDAP_ADMIN_PASSWORD }}'
+ OIDC_CRYPTO_PASSPHRASE: '${{ secrets.OIDC_CRYPTO_PASSPHRASE }}'
+ KEY_PAIR_NAME: '${{ secrets.KEY_PAIR_NAME }}'
+ ONDEMAND_CONFIG_FILE: '${{ runner.temp }}/ondemand-config.yml'
+ - name: Link ondemand config
+ run: |
+ ln -s ${ONDEMAND_CONFIG_FILE} ondemand-config.yml
+ working-directory: vars
+ env:
+ ONDEMAND_CONFIG_FILE: '${{ runner.temp }}/ondemand-config.yml'
+
+ - name: Install ansible dependencies
+ run: ansible-galaxy install -r requirements.yml
+ - name: Terraform initialise
+ run: terraform init -input=false
+ env:
+ TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
+ working-directory: terraform
+
+ - name: Switch terraform workspace (making sure it exists)
+ run: terraform workspace select -or-create=true ${GITHUB_BASE_REF:-$GITHUB_REF_NAME}
+ env:
+ TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
+ working-directory: terraform
+
+ - name: Install required Python library (botocore and boto3)
+ run: |
+ pip install botocore
+ pip install boto3
+ working-directory: terraform
+
+ - name: Ensure infrastructure is setup
+ run: ansible-playbook setup-infra.yml -e operation=create -e terraform_workspace="${GITHUB_BASE_REF:-$GITHUB_REF_NAME}"
+ env:
+ TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
+ ANSIBLE_HOST_KEY_CHECKING: "False"
+ CLOUDS_YAML_BASE64: "${{ secrets.CLOUDS_YAML_BASE64 }}"
+ KUBE_CONFIG_BASE64: "${{ secrets.KUBE_CONFIG_BASE64 }}"
+ WILD_CERT_BASE64: "${{ secrets.WILD_CERT_BASE64 }}"
+ WILD_CERT_KEY_BASE64: "${{ secrets.WILD_CERT_KEY_BASE64 }}"
+
+ - name: Redeploy ML102
+ run: ansible-playbook redeploy-ml102.yml
+ env:
+ TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
+ ANSIBLE_HOST_KEY_CHECKING: "False"
+ CLOUDS_YAML_BASE64: "${{ secrets.CLOUDS_YAML_BASE64 }}"
+ KUBE_CONFIG_BASE64: "${{ secrets.KUBE_CONFIG_BASE64 }}"
+ WILD_CERT_BASE64: "${{ secrets.WILD_CERT_BASE64 }}"
+ WILD_CERT_KEY_BASE64: "${{ secrets.WILD_CERT_KEY_BASE64 }}"
diff --git a/redeploy-ml102.yml b/redeploy-ml102.yml
new file mode 100644
index 0000000..96927e9
--- /dev/null
+++ b/redeploy-ml102.yml
@@ -0,0 +1,24 @@
+# workflow to redploy ML102 on the training environment
+#
+# 1. Get the list of all training/trainer home directories
+# 2. Delete any "ml102_workshop" directories in the homes
+# 3. Delete the ML102 apptainer image
+# 4. Pull the apptainer image
+#
+# Following this, any user that starts a new ML102 session
+# will get the version from the newly downloaded image
+#
+# Note: this doesn't redeploy the OOD ML102 app
+---
+- name: Get list of home directories on ML102 node
+ become: yes
+ hosts: webnode
+ find:
+ paths: /home/shared
+ file_type: directory
+ recurse: no
+ register: homes_find
+
+- debug:
+ var: item.path
+ with_items: "{{ homes_find.files }}"
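Review bot: Every secret in the job-level `env:` of `redeploy_ml102` (the `OS_APPLICATION_CREDENTIAL_*` and `AWS_*` values) is exported to all steps, including `actions/checkout@v3` and `hashicorp/setup-terraform@v2`, which are referenced by mutable tags, and the unpinned `pip install` and `ansible-galaxy install` steps. Scope those variables to the `env:` of the terraform and `ansible-playbook` steps that read them, and pin each action to a commit, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`. Which steps need which credential is not visible from this hunk, so the split should be confirmed against the playbooks. The two playbook steps also set `ANSIBLE_HOST_KEY_CHECKING: "False"`, so SSH sessions that presumably carry the kubeconfig and wildcard certificate key go to hosts whose identity is never verified; either add a comment stating why that is acceptable for this environment or supply a known_hosts entry from the provisioning output.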
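Review bot: In `redeploy-ml102.yml` the `find` module sits directly beside the play keys (`hosts: webnode`, `become: yes`) with no `tasks:` line, and `- debug:` starts a second top-level entry that has no `hosts:`, so `ansible-playbook` will most likely reject the file before running anything. Indentation is not recoverable on this page, but both `-` markers are at column 0 and no `tasks:` key appears anywhere in the hunk. Keep `hosts` and `become` on the play, add `tasks:` beneath them, and nest the `find` task (with its `register: homes_find`) and the `debug` task under it. The header comment also lists steps 2–4 (delete the `ml102_workshop` directories, delete and re-pull the apptainer image) that this file does not contain; the comment should say they are still to be added, so that the workflow step named "Redeploy ML102" is not read as performing them.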