From e7643e997092c46838fbaa325d6f7916fdcfa80f Mon Sep 17 00:00:00 2001 From: Amit Sagtani Date: Mon, 4 Nov 2024 09:55:47 +0100 Subject: [PATCH] Fix wiab automation (#742) Created new Github Action to deploy the new artifact on a dedicated hetzner machine. --- .github/workflows/custom-artifact.yml | 7 ++++- .github/workflows/deploy-wiab.yml | 37 ++++++++++++++++++++++++++ ansible/hetzner-single-deploy.yml | 5 +--- bin/autodeploy.sh | 38 ++++++++++++++++++--------- bin/offline-vm-setup.sh | 5 ++++ 5 files changed, 74 insertions(+), 18 deletions(-) create mode 100644 .github/workflows/deploy-wiab.yml diff --git a/.github/workflows/custom-artifact.yml b/.github/workflows/custom-artifact.yml index 8dfb6bc25..9a246a77a 100644 --- a/.github/workflows/custom-artifact.yml +++ b/.github/workflows/custom-artifact.yml @@ -5,7 +5,7 @@ on: workflow_dispatch: jobs: offline: - name: Prepare custom offline package + name: Prepare custom offline package # Do not change this name, it is used to trigger deploy-wiab workflow # Useful to skip expensive CI when writing docs if: "!contains(github.event.head_commit.message, 'skip ci')" runs-on: @@ -54,6 +54,11 @@ jobs: env: DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}' + # Set output for deploy-wiab workflow to start + - name: Set output to trigger dependent workflow + if: success() + run: echo "::set-output name=trigger_next_workflow::true" + - name: Deploy offline environment to hetzner run: | ./offline/cd.sh diff --git a/.github/workflows/deploy-wiab.yml b/.github/workflows/deploy-wiab.yml new file mode 100644 index 000000000..a7c74e289 --- /dev/null +++ b/.github/workflows/deploy-wiab.yml @@ -0,0 +1,37 @@ +name: Deploy on Hetzner WIAB setup +on: + workflow_run: + workflows: ["Prepare custom offline package"] + types: + - completed + +jobs: + deploy: + runs-on: ubuntu-latest + concurrency: + group: autodeploy-script + cancel-in-progress: false + + steps: + # Step 1: Checkout the repository code + - name: Checkout code + uses: actions/checkout@v3 + + # Step 2: Set up SSH key for remote access + - name: Set up SSH key + uses: webfactory/ssh-agent@v0.5.3 + with: + ssh-private-key: ${{ secrets.WIAB_PRIVATE_SSH_KEY }} + + # Step 3: Get the latest commit SHA, for the artifact + - name: Get latest commit SHA + id: get_commit_sha + run: | + COMMIT_SHA=$(git rev-parse HEAD) + echo "commit_sha=$COMMIT_SHA" >> $GITHUB_ENV + + # Step 4: Run the autodeploy script + - name: Run Auto Deploy Script + run: | + cd bin + ./autodeploy.sh --artifact-hash ${{ env.COMMIT_SHA }} --target-domain wiab-test-box.wire.link --force-redeploy diff --git a/ansible/hetzner-single-deploy.yml b/ansible/hetzner-single-deploy.yml index 3c446f58c..4d086fe32 100644 --- a/ansible/hetzner-single-deploy.yml +++ b/ansible/hetzner-single-deploy.yml @@ -2,7 +2,7 @@ become: true vars: artifact_hash: d8fe36747614968ea73ebd43d47b99364c52f9c1 - ubuntu_version: 22.04.4 + ubuntu_version: 22.04.5 ssh_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPTGTo1lTqd3Ym/75MRyQvj8xZINO/GI6FzfIadSe5c backend+hetzner-dedicated-operator@wire.com" tasks: - name: set ipv4 forward @@ -171,7 +171,6 @@ stat: path: /home/demo/wire-server-deploy-static-{{ artifact_hash }}.tgz get_checksum: False - get_md5: False register: artifact_archive_file_check - name: download wire-server-deploy archive shell: @@ -182,7 +181,6 @@ stat: path: /home/demo/wire-server-deploy/containers-helm.tar get_checksum: False - get_md5: False register: artifact_folder_content_check - name: unpack wire-server-deploy archive unarchive: @@ -194,7 +192,6 @@ stat: path: /home/demo/wire-server-deploy/ubuntu.iso get_checksum: False - get_md5: False register: iso_file_check - name: download ubuntu {{ ubuntu_version }} iso shell: diff --git a/bin/autodeploy.sh b/bin/autodeploy.sh index 31c077b19..7c6bfd18b 100755 --- a/bin/autodeploy.sh +++ b/bin/autodeploy.sh @@ -92,6 +92,7 @@ msg "" msg "INFO: starting Wire-in-a-box deployment for $TARGET_SYSTEM using artifact ID $ARTIFACT_HASH" msg "" + for SUBDOMAIN in $SUBDOMAINS; do if host "$SUBDOMAIN"."$TARGET_SYSTEM" >/dev/null 2>&1 ; then msg "INFO: DNS A record exists: $SUBDOMAIN.$TARGET_SYSTEM" @@ -100,13 +101,14 @@ for SUBDOMAIN in $SUBDOMAINS; do fi done -if ssh -q -o ConnectTimeout=5 -p "$SSH_PORT" "$SSH_USER"@webapp."$TARGET_SYSTEM" id | grep -q "$SSH_USER"; then +if ssh -q -o StrictHostKeyChecking=no -o ConnectTimeout=5 -p "$SSH_PORT" "$SSH_USER"@webapp."$TARGET_SYSTEM" id | grep -q "$SSH_USER"; then msg "" msg "INFO: Successfully logged into $TARGET_SYSTEM as $SSH_USER" else die "ERROR: Can't log into $TARGET_SYSTEM via SSH, please check SSH connectivity." fi + if curl --head --silent --fail https://s3-eu-west-1.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-"$ARTIFACT_HASH".tgz >/dev/null 2>&1 ; then msg "INFO: Artifact exists https://s3-eu-west-1.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-$ARTIFACT_HASH.tgz" else @@ -118,7 +120,7 @@ system_cleanup_meta() { msg "INFO: Cleaning up all VMs, docker resources and wire-server-deploy files on $TARGET_SYSTEM." msg "" sleep 5 - ssh -p "$SSH_PORT" "$SSH_USER"@webapp."$TARGET_SYSTEM" "bash -s" < /dev/null; then + for VM in $(virsh list --all --name); do virsh destroy "$VM"; virsh undefine "$VM" --remove-all-storage; done + fi + if which docker > /dev/null; then + docker system prune -a -f + fi rm -f /home/$DEMO_USER/.ssh/known_hosts rm -rf /home/$DEMO_USER/wire-server-deploy rm -f /home/$DEMO_USER/wire-server-deploy-static-*.tgz @@ -139,8 +145,13 @@ preprovision_hetzner() { msg "INFO: running local ansible playbook for inital server deployment." msg "INFO: This will setup up the Hetzner system with basic defaults, download and unpack the wire-server-deploy artifact." sleep 5 - export LC_ALL="C.UTF-8"; - ansible-playbook ../ansible/hetzner-single-deploy.yml -e "artifact_hash=$ARTIFACT_HASH" -i $SSH_USER@webapp."$TARGET_SYSTEM", --diff + # on Mac devices C.UTF-8 is not available + if [[ $(uname) == "Darwin" ]]; then + export LC_ALL=en_US.UTF-8 + else + export LC_ALL=C.UTF-8 + fi + ansible-playbook ../ansible/hetzner-single-deploy.yml -e "artifact_hash=$ARTIFACT_HASH" -e "ansible_ssh_common_args='-o ServerAliveInterval=30 -o ServerAliveCountMax=10 -o ControlMaster=auto -o ControlPersist=180m'" -i $SSH_USER@webapp."$TARGET_SYSTEM", --diff } remote_deployment() { @@ -367,21 +378,22 @@ EOF d helm upgrade --install coturn ./charts/coturn --values values/coturn/values.yaml --values values/coturn/secrets.yaml } -EXISTING_INSTALL=$(ssh -p "$SSH_PORT" "$SSH_USER"@webapp."$TARGET_SYSTEM" "ls /home/$DEMO_USER/wire-server-deploy-static-*.tgz 2>/dev/null" || true) -EXISTING_VMS=$(ssh -p "$SSH_PORT" "$SSH_USER"@webapp."$TARGET_SYSTEM" "virsh list --all --name") -EXISTING_CONTAINERS=$(ssh -p "$SSH_PORT" "$SSH_USER"@webapp."$TARGET_SYSTEM" "docker ps -q --all") +EXISTING_INSTALL=$(ssh -p "$SSH_PORT" -o StrictHostKeyChecking=no "$SSH_USER"@webapp."$TARGET_SYSTEM" "ls /home/$DEMO_USER/wire-server-deploy-static-*.tgz 2>/dev/null" || echo "false") +EXISTING_VMS=$(ssh -p "$SSH_PORT" -o StrictHostKeyChecking=no "$SSH_USER"@webapp."$TARGET_SYSTEM" "virsh list --all --name" || echo "false") +EXISTING_CONTAINERS=$(ssh -p "$SSH_PORT" -o StrictHostKeyChecking=no "$SSH_USER"@webapp."$TARGET_SYSTEM" "docker ps -q --all" || echo "false") -if [[ "$EXISTING_INSTALL" ]]; then +if [[ "$EXISTING_INSTALL" != "false" && -n "$EXISTING_INSTALL" ]]; then msg "" msg "WARNING: existing wire-server-deploy installation found: $EXISTING_INSTALL" DO_SYSTEM_CLEANUP=true fi -if [[ "$EXISTING_VMS" ]]; then +if [[ "$EXISTING_VMS" != "false" && -n "$EXISTING_VMS" ]]; then msg "" msg "WARNING: existing libvirt VMs found: $EXISTING_VMS" DO_SYSTEM_CLEANUP=true fi -if [[ "$EXISTING_CONTAINERS" ]]; then +if [[ "$EXISTING_CONTAINERS" != "false" && -n "$EXISTING_CONTAINERS" ]]; then + echo "$EXISTING_CONTAINERS" msg "" msg "WARNING: existing Docker containers found." DO_SYSTEM_CLEANUP=true @@ -406,7 +418,7 @@ fi msg "INFO: Commencing Wire-in-a-box deployment on $TARGET_SYSTEM." preprovision_hetzner -ssh -p "$SSH_PORT" "$DEMO_USER"@webapp."$TARGET_SYSTEM" "bash -s" <