Fix WSD CI for the new machine types in hetzner cloud (#744)

* add retry while doing skopeo copy * remove retry while copying from assethost * replace cx11 with cx22 machines * try cpx series resources for hetzner machines * change interface * undo net interface change * add verbosity and eth0 interface * update CX21 to CS22 * temp: disable tf destroy to debug cassandra * add iptable rules * remove firewall from external services * set rabbitmq secrets for background-worker * remove temp firewall rules * add rabbitmq secrets to ci * remove debugging steps
wireapp · Dec 11, 2024 · f41398d · f41398d
1 parent c4a66cb
commit f41398d
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 29 deletions.
diff --git a/.github/workflows/custom-artifact.yml b/.github/workflows/custom-artifact.yml
@@ -48,7 +48,7 @@ jobs:
       - name: Build and upload wire-server-deploy container
         run: |
           container_image=$(nix-build --no-out-link -A container)
-          skopeo copy --dest-creds "$DOCKER_LOGIN" \
+          skopeo copy --retry-times 10 --dest-creds "$DOCKER_LOGIN" \
             docker-archive:"$container_image" \
             "docker://quay.io/wire/wire-server-deploy:${{ steps.upload_name.outputs.UPLOAD_NAME }}"
         env:

diff --git a/.github/workflows/offline.yml b/.github/workflows/offline.yml
@@ -51,7 +51,7 @@ jobs:
         run: |
           container_image=$(nix-build --no-out-link -A container)
 
-          skopeo copy --dest-creds "$DOCKER_LOGIN" \
+          skopeo copy --retry-times 10 --dest-creds "$DOCKER_LOGIN" \
             docker-archive:"$container_image" \
             "docker://quay.io/wire/wire-server-deploy:${{ steps.upload_name.outputs.UPLOAD_NAME }}"
         env:
@@ -68,5 +68,3 @@ jobs:
         run: (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init && terraform destroy -auto-approve)
         env:
           HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
-
-
diff --git a/bin/offline-secrets.sh b/bin/offline-secrets.sh
@@ -63,6 +63,11 @@ team-settings:
     # container is pre-seeded
     # It is just the empty "{}" json hashmap
     configJson: "e30K"
+background-worker:
+  secrets:
+    rabbitmq:
+      username: wire-server
+      password: verysecurepassword
 EOF
 
 fi

diff --git a/terraform/examples/create-infrastructure.tf b/terraform/examples/create-infrastructure.tf
@@ -42,7 +42,7 @@ resource "hcloud_server" "redis" {
   count       = 0
   name        = "redis${count.index}"
   image       = "ubuntu-22.04"
-  server_type = "cx11"
+  server_type = "cx22"
   ssh_keys    = ["hetznerssh-key"]
 
   # Nuremberg (for choices see `hcloud datacenter list`)
@@ -53,7 +53,7 @@ resource "hcloud_server" "restund" {
   count       = 2
   name        = "restund${count.index}"
   image       = "ubuntu-22.04"
-  server_type = "cx11"
+  server_type = "cx22"
   ssh_keys    = ["hetznerssh-key"]
 
   # Nuremberg (for choices see `hcloud datacenter list`)
@@ -64,7 +64,7 @@ resource "hcloud_server" "minio" {
   count       = 3
   name        = "minio${count.index}"
   image       = "ubuntu-22.04"
-  server_type = "cx11"
+  server_type = "cx22"
   ssh_keys    = ["hetznerssh-key"]
 
   # Nuremberg (for choices see `hcloud datacenter list`)
@@ -75,7 +75,7 @@ resource "hcloud_server" "cassandra" {
   count       = 3
   name        = "cassandra${count.index}"
   image       = "ubuntu-22.04"
-  server_type = "cx21"
+  server_type = "cx22"
   ssh_keys    = ["hetznerssh-key"]
 
   # Nuremberg (for choices see `hcloud datacenter list`)
@@ -86,7 +86,7 @@ resource "hcloud_server" "elasticsearch" {
   count       = 3
   name        = "elasticsearch${count.index}"
   image       = "ubuntu-22.04"
-  server_type = "cx11"
+  server_type = "cx22"
   ssh_keys    = ["hetznerssh-key"]
 
   # Nuremberg (for choices see `hcloud datacenter list`)

diff --git a/terraform/examples/wire-server-deploy-offline-hetzner/main.tf b/terraform/examples/wire-server-deploy-offline-hetzner/main.tf
@@ -63,7 +63,7 @@ resource "hcloud_server" "adminhost" {
   name        = "adminhost-${random_pet.adminhost.id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx42"
+  server_type = "cpx41"
   user_data   = <<-EOF
   #cloud-config
   apt:
@@ -98,7 +98,7 @@ resource "hcloud_server" "assethost" {
   name        = "assethost-${random_pet.assethost.id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx42"
+  server_type = "cpx41"
   user_data   = local.disable_network_cfg
 }
 
@@ -118,7 +118,7 @@ resource "hcloud_server" "restund" {
   name        = "restund-${random_pet.restund[count.index].id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx11"
+  server_type = "cx22"
   user_data   = local.disable_network_cfg
 }
 
@@ -139,7 +139,7 @@ resource "hcloud_server" "kubenode" {
   name        = "kubenode-${random_pet.kubenode[count.index].id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx42"
+  server_type = "cpx41"
   user_data   = local.disable_network_cfg
 }
 
@@ -160,8 +160,8 @@ resource "hcloud_server" "cassandra" {
   name        = "cassandra-${random_pet.cassandra[count.index].id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx11"
-  user_data   = local.disable_network_cfg
+  server_type = "cx22"
+  # user_data   = local.disable_network_cfg
 }
 
 resource "hcloud_server_network" "cassandra" {
@@ -181,8 +181,8 @@ resource "hcloud_server" "elasticsearch" {
   name        = "elasticsearch-${random_pet.elasticsearch[count.index].id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx11"
-  user_data   = local.disable_network_cfg
+  server_type = "cx22"
+  # user_data   = local.disable_network_cfg
 }
 
 resource "hcloud_server_network" "elasticsearch" {
@@ -202,8 +202,8 @@ resource "hcloud_server" "minio" {
   name        = "minio-${random_pet.minio[count.index].id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx11"
-  user_data   = local.disable_network_cfg
+  server_type = "cx22"
+  # user_data   = local.disable_network_cfg
 }
 
 resource "hcloud_server_network" "minio" {

diff --git a/terraform/examples/wire-server-deploy-offline-hetzner/outputs.tf b/terraform/examples/wire-server-deploy-offline-hetzner/outputs.tf
@@ -65,7 +65,7 @@ output "static-inventory" {
         }
       }
       vars = {
-        cassandra_network_interface = "ens10"
+        cassandra_network_interface = "eth0"
       }
     }
     cassandra_seed = {
@@ -79,7 +79,7 @@ output "static-inventory" {
         }
       }
       vars = {
-        elasticsearch_network_interface = "ens10"
+        elasticsearch_network_interface = "eth0"
       }
     }
     elasticsearch_master = {
@@ -93,7 +93,7 @@ output "static-inventory" {
         }
       }
       vars = {
-        minio_network_interface = "ens10"
+        minio_network_interface = "eth0"
       }
     }
     restund = {
@@ -104,7 +104,7 @@ output "static-inventory" {
         }
       }
       vars = {
-        restund_network_interface = "ens10"
+        restund_network_interface = "eth0"
       }
     }
 

diff --git a/values/wire-server/prod-secrets.example.yaml b/values/wire-server/prod-secrets.example.yaml
@@ -73,12 +73,12 @@ nginz:
     basicAuth: "<username>:<htpasswd-hashed-password>"
 
 
-# Uncomment for federation below. Set values accordingly
-# background-worker:
-#   secrets:
-#     rabbitmq:
-#       username: wire-server
-#       password: verysecurepassword
+# RabbitMQ credentials for background-worker.
+background-worker:
+  secrets:
+    rabbitmq:
+      username: wire-server
+      password: verysecurepassword
 
 # Uncomment for legalhold. Set values accordingly