From 55a7d5da837eb9cefee87b577c96d59d81d67e19 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Tue, 7 Jan 2025 16:20:49 +0100
Subject: [PATCH 01/14] exclude wire-server-enterprise chart
---
 offline/ci.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/offline/ci.sh b/offline/ci.sh
index bfa1611c0..09b45a818 100755
--- a/offline/ci.sh
+++ b/offline/ci.sh
@@ -4,7 +4,7 @@ set -euo pipefail
 INCREMENTAL="${INCREMENTAL:-0}"
 # Default exclude list
-HELM_CHART_EXCLUDE_LIST="inbucket"
+HELM_CHART_EXCLUDE_LIST="inbucket,wire-server-enterprise"
 # Parse the HELM_CHART_EXCLUDE_LIST argument
 for arg in "$@"
From 845351462b96cb5e8af3de7a8b96f17432555610 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Tue, 7 Jan 2025 16:21:11 +0100
Subject: [PATCH 02/14] add missing secrets that are failing `helm template` in the CI
---
 values/wire-server/prod-secrets.example.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/values/wire-server/prod-secrets.example.yaml b/values/wire-server/prod-secrets.example.yaml
index dfa5439e7..6c4f10848 100644
--- a/values/wire-server/prod-secrets.example.yaml
+++ b/values/wire-server/prod-secrets.example.yaml
@@ -28,6 +28,12 @@ brig:
 # username: wire-server
 # password: verysecurepassword
+cannon:
+ secrets:
+ rabbitmq:
+ username: wire-server
+ password: verysecurepassword
+
 cargohold:
 secrets:
 # these only need to be changed if using real AWS services
@@ -49,6 +55,9 @@ gundeck:
 # these only need to be changed if using real AWS services
 awsKeyId: dummykey
 awsSecretKey: dummysecret
+ rabbitmq:
+ username: wire-server
+ password: verysecurepassword
 proxy:
 secrets:
From 8d2ff02f690d4782bcbe25392b576c23edf4ddc3 Mon Sep 17 00:00:00 2001
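Review bot: The new `rabbitmq` blocks under `cannon.secrets` and `gundeck.secrets` (the second is in the `@@ -49,6 +55,9 @@` hunk of PATCH 02/14) carry a literal username and password with no comment telling the operator what to do with them. The file name suggests this is the template operators copy for production, and the AWS keys next to it already have a "these only need to be changed if…" hint. I would add the same kind of line above each block, for example `# must match the credentials configured for the RabbitMQ broker; replace before any non-test deployment`. Both hunks cut through their parent mappings, so the nesting of the new keys cannot be checked from here.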
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Wed, 8 Jan 2025 11:19:03 +0100
Subject: [PATCH 03/14] test for missing wire-server dir
---
 offline/ci.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/offline/ci.sh b/offline/ci.sh
index 09b45a818..a967a15c9 100755
--- a/offline/ci.sh
+++ b/offline/ci.sh
@@ -205,6 +205,8 @@ pull_charts() {
 wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/5dcc99aa4e182672030ae38c5f94604dcefa51d1/build.json"
 wire_build_chart_release "$wire_build" | pull_charts
+ls -la
+
 # Uncomment if you want to create non-wire-build release
 # and uncomment the other pull_charts call from aboe
 # legacy_chart_release | pull_charts
From ff527935709ebde389823a2bffd0af79d1bde4d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Wed, 8 Jan 2025 11:34:43 +0100
Subject: [PATCH 04/14] test missing wire-server charts without exclude wire-server-enterprise
---
 offline/ci.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/offline/ci.sh b/offline/ci.sh
index a967a15c9..77e54da3b 100755
--- a/offline/ci.sh
+++ b/offline/ci.sh
@@ -4,7 +4,7 @@ set -euo pipefail
 INCREMENTAL="${INCREMENTAL:-0}"
 # Default exclude list
-HELM_CHART_EXCLUDE_LIST="inbucket,wire-server-enterprise"
+HELM_CHART_EXCLUDE_LIST="inbucket"
 # Parse the HELM_CHART_EXCLUDE_LIST argument
 for arg in "$@"
@@ -205,7 +205,7 @@ pull_charts() {
 wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/5dcc99aa4e182672030ae38c5f94604dcefa51d1/build.json"
 wire_build_chart_release "$wire_build" | pull_charts
-ls -la
+ls -la charts/
 # Uncomment if you want to create non-wire-build release
 # and uncomment the other pull_charts call from aboe
From ea9361f4319f8229883777f6afc9ee65885e9034 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Wed, 8 Jan 2025 11:58:45 +0100
Subject: [PATCH 05/14] with wire-server-enterprise exclusion
---
 offline/ci.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/offline/ci.sh b/offline/ci.sh
index 77e54da3b..dc524658e 100755
--- a/offline/ci.sh
+++ b/offline/ci.sh
@@ -4,7 +4,7 @@ set -euo pipefail
 INCREMENTAL="${INCREMENTAL:-0}"
 # Default exclude list
-HELM_CHART_EXCLUDE_LIST="inbucket"
+HELM_CHART_EXCLUDE_LIST="inbucket, wire-server-enterprise"
 # Parse the HELM_CHART_EXCLUDE_LIST argument
 for arg in "$@"
@@ -205,7 +205,7 @@ pull_charts() {
 wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/5dcc99aa4e182672030ae38c5f94604dcefa51d1/build.json"
 wire_build_chart_release "$wire_build" | pull_charts
-ls -la charts/
+ls charts/
 # Uncomment if you want to create non-wire-build release
 # and uncomment the other pull_charts call from aboe
From a7215037b3bb1ac84f07be0e268cb6b96923586a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Wed, 8 Jan 2025 12:58:50 +0100
Subject: [PATCH 06/14] fix exclusion logic
---
 offline/ci.sh | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/offline/ci.sh b/offline/ci.sh
index dc524658e..88f48fb9d 100755
--- a/offline/ci.sh
+++ b/offline/ci.sh
@@ -3,8 +3,8 @@ set -euo pipefail
 INCREMENTAL="${INCREMENTAL:-0}"
-# Default exclude list
-HELM_CHART_EXCLUDE_LIST="inbucket, wire-server-enterprise"
+# Default exclude list, temporary wire-server-enterprise exclusion due to access privileges
+HELM_CHART_EXCLUDE_LIST="inbucket,wire-server-enterprise"
 # Parse the HELM_CHART_EXCLUDE_LIST argument
 for arg in "$@"
@@ -156,7 +156,7 @@ wire_build_chart_release () {
 wire_build="$1"
 curl "$wire_build" | jq -r --argjson HELM_CHART_EXCLUDE_LIST "$HELM_CHART_EXCLUDE_LIST" '
 .helmCharts
- | with_entries(select([.key] | inside($HELM_CHART_EXCLUDE_LIST) | not))
+ | with_entries(select(.key as $k | $HELM_CHART_EXCLUDE_LIST | index($k) | not))
 | to_entries
 | map("\(.key) \(.value.repo) \(.value.version)")
 | join("\n")
@@ -205,8 +205,6 @@ pull_charts() {
 wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/5dcc99aa4e182672030ae38c5f94604dcefa51d1/build.json"
 wire_build_chart_release "$wire_build" | pull_charts
-ls charts/
-
 # Uncomment if you want to create non-wire-build release
 # and uncomment the other pull_charts call from aboe
 # legacy_chart_release | pull_charts
From 717245e60269ff694a97e2a3c2fd27cd84f03bdb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Wed, 8 Jan 2025 14:12:56 +0100
Subject: [PATCH 07/14] install terraform using hashicorp/setupterraform action since its been removed from runner images https://github.com/actions/runner-images/issues/10796
---
 .github/workflows/ci.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 50dd01ce8..83a8c9ce9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,6 +25,11 @@ jobs:
 run: nix-build -A env
 - name: Install the environment
 run: nix-env -f . -A env -i
+ - name: Install terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: "^1.3.7"
+ terraform_wrapper: false
 - name: Check terraform init
 run: |
 cd terraform/environment
From 4b5e5c243687cfcfccc718811e90d12caf122c18 Mon Sep 17 00:00:00 2001
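Review bot: Nothing next to the filter in `wire_build_chart_release` records why `inside` had to go, so a later cleanup could easily put it back. jq's `inside`/`contains` compares strings by substring, so `["wire-server"] | inside(...)` is true as soon as the list holds `wire-server-enterprise`; that is presumably what dropped the wire-server chart in the earlier patches of this series. I would add a shell comment above the `curl … | jq` line such as `# exact-match exclusion: jq's inside/contains matches substrings, so "wire-server-enterprise" in the list also removed "wire-server"`. The filter also relies on `$HELM_CHART_EXCLUDE_LIST` already being a JSON array when it reaches `--argjson`; that conversion is outside the hunk.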
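Review bot: `uses: hashicorp/setup-terraform@v3` follows a mutable tag and `terraform_version: "^1.3.7"` is a version range, so both the action code and the Terraform binary can change between runs without any change in this repository. Pinning the action to a full commit SHA, `uses: hashicorp/setup-terraform@<full-commit-sha> # v3`, and the tool to one exact release, `terraform_version: "<exact-version>"`, keeps the job reproducible and limits what a retagged or compromised upstream can run in CI. The same step is added to `.github/workflows/offline.yml` in PATCH 14/14, where an earlier step of the job reads `secrets.DOCKER_LOGIN` and a later one deploys to Hetzner, so the pin matters more there.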
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Wed, 8 Jan 2025 14:58:36 +0100
Subject: [PATCH 08/14] comment out restund deployment steps from offline-cluster.sh
---
 bin/offline-cluster.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bin/offline-cluster.sh b/bin/offline-cluster.sh
index fb263f19d..6c4bd6b9b 100755
--- a/bin/offline-cluster.sh
+++ b/bin/offline-cluster.sh
@@ -38,7 +38,7 @@ ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/setup-offline-sources.yml
 ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/kubernetes.yml --tags bastion,bootstrap-os,preinstall,container-engine
 # Install docker on the restund nodes
-ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/restund.yml --tags docker
+# ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/restund.yml --tags docker
 # With ctr being installed on all nodes that need it, seed all container images:
 ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/seed-offline-containerd.yml
@@ -53,7 +53,7 @@ ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/kubernetes.yml --skip-tags boot
 ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/cassandra.yml
 ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/elasticsearch.yml
 ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/minio.yml
-ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/restund.yml
+# ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/restund.yml
 # create helm values that tell our helm charts what the IP addresses of cassandra, elasticsearch and minio are:
 ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/helm_external.yml --skip-tags=rabbitmq-external
From 1ea65de3c8dfc0df881aa4c6a1e833a5078cfe6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Wed, 8 Jan 2025 14:59:00 +0100
Subject: [PATCH 09/14] add missing secrets from offline-secrets.sh
---
 bin/offline-secrets.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)
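Review bot: Both restund invocations in `bin/offline-cluster.sh` are commented out (in the `@@ -38,7 +38,7 @@` and `@@ -53,7 +53,7 @@` hunks) with no reason or follow-up recorded, and the heading `# Install docker on the restund nodes` now sits above a dead line. Either delete the lines together with the heading, or state why the step is off, e.g. `# restund deployment disabled: <reason / ticket>; re-enable together with the restund play in ansible/seed-offline-containerd.yml`. PATCH 10/14 comments out that play in the same way. The surrounding `ansible-playbook` calls pass `$INVENTORY_FILE` and `$ANSIBLE_DIR` unquoted, which breaks on paths containing spaces; that predates this patch.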
diff --git a/bin/offline-secrets.sh b/bin/offline-secrets.sh
index d58d48072..e5a0f0349 100755
--- a/bin/offline-secrets.sh
+++ b/bin/offline-secrets.sh
@@ -39,6 +39,14 @@ brig:
 setNexmo: |-
 key: "dummy"
 secret: "dummy"
+ rabbitmq:
+ username: wire-server
+ password: verysecurepassword
+cannon:
+ secrets:
+ rabbitmq:
+ username: wire-server
+ password: verysecurepassword
 cargohold:
 secrets:
 awsKeyId: "$minio_access_key"
@@ -51,6 +59,9 @@ gundeck:
 secrets:
 awsKeyId: dummykey
 awsSecretKey: dummysecret
+ rabbitmq:
+ username: wire-server
+ password: very-secure-password
 nginz:
 secrets:
 zAuth:
From 28ec11276b07ae3d92513f90acb9b1c19b7dac23 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Wed, 15 Jan 2025 11:04:44 +0100
Subject: [PATCH 10/14] comment out restund from ansible scripts
---
 ansible/seed-offline-containerd.yml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/ansible/seed-offline-containerd.yml b/ansible/seed-offline-containerd.yml
index 85bc50b6f..62af21a39 100644
--- a/ansible/seed-offline-containerd.yml
+++ b/ansible/seed-offline-containerd.yml
@@ -32,12 +32,12 @@
 ####################################################################################################
-- name: Download restund container
- hosts: restund
- tags: restund-containers
- tasks:
- - name: load restund container
- shell: |
- for container in $(curl -q {{ assethost_host }}/containers-other/index.txt);do
- curl -q "{{ assethost_host }}/containers-other/$container" | ctr -n=k8s.io images import -
- done
+#- name: Download restund container
+# hosts: restund
+# tags: restund-containers
+# tasks:
+# - name: load restund container
+# shell: |
+# for container in $(curl -q {{ assethost_host }}/containers-other/index.txt);do
+# curl -q "{{ assethost_host }}/containers-other/$container" | ctr -n=k8s.io images import -
+# done
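Review bot: The `rabbitmq` password added for `brig` and `cannon` in the `@@ -39,6 +39,14 @@` hunk is a fixed literal, while neighbouring values in this template such as `"$zrest"` and `"$minio_access_key"` come from shell variables, so every secrets file the script writes carries the same publicly known broker password. If the script generates its other secrets per installation (that code is outside the hunk), the RabbitMQ password should be produced the same way and passed to the broker's own values too; the context of PATCH 13/14 shows rabbitmq installed with `prod-secrets.example.yaml`, so the two have to change together. At minimum add `# placeholder: must match the rabbitmq chart's credentials; change for real deployments` above each block. PATCH 11/14 adds the same literal for `galley`.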
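Review bot: In the `@@ -51,6 +59,9 @@` hunk `gundeck` gets `password: very-secure-password`, whereas `brig` and `cannon` in the previous hunk use `verysecurepassword` for the same `wire-server` user. Unless the broker is really configured with a second password, gundeck will presumably fail to authenticate against RabbitMQ; the line should read `password: verysecurepassword`. PATCH 12/14 re-indents this block but keeps the differing value.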
From 0ea5cb20afbf81040e33f876c32ea00cd723769d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Wed, 15 Jan 2025 17:05:29 +0100
Subject: [PATCH 11/14] add missing rabbitmq credentials to offline-secrets.sh
---
 bin/offline-secrets.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/bin/offline-secrets.sh b/bin/offline-secrets.sh
index e5a0f0349..b476918ec 100755
--- a/bin/offline-secrets.sh
+++ b/bin/offline-secrets.sh
@@ -31,6 +31,9 @@ brig:
 secret: "$zrest"
 awsKeyId: dummykey
 awsSecretKey: dummysecret
+ rabbitmq:
+ username: wire-server
+ password: verysecurepassword
 # These are only necessary if you wish to support sign up via SMS/calls
 # And require accounts at twilio.com / nexmo.com
 setTwilio: |-
@@ -39,9 +42,6 @@ brig:
 setNexmo: |-
 key: "dummy"
 secret: "dummy"
- rabbitmq:
- username: wire-server
- password: verysecurepassword
 cannon:
 secrets:
 rabbitmq:
@@ -55,6 +55,9 @@ galley:
 secrets:
 awsKeyId: dummykey
 awsSecretKey: dummysecret
+ rabbitmq:
+ username: wire-server
+ password: verysecurepassword
 gundeck:
 secrets:
 awsKeyId: dummykey
From ca3d09391fb2d948dc549b7468ded29e50b709a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Thu, 16 Jan 2025 08:31:57 +0100
Subject: [PATCH 12/14] fix wrong indentation
---
 bin/offline-secrets.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/bin/offline-secrets.sh b/bin/offline-secrets.sh
index b476918ec..a9cd98ded 100755
--- a/bin/offline-secrets.sh
+++ b/bin/offline-secrets.sh
@@ -62,9 +62,9 @@ gundeck:
 secrets:
 awsKeyId: dummykey
 awsSecretKey: dummysecret
- rabbitmq:
- username: wire-server
- password: very-secure-password
+ rabbitmq:
+ username: wire-server
+ password: very-secure-password
 nginz:
 secrets:
 zAuth:
From 54be6d53f6f434b3a8436a6606f2dcac780737d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Fri, 17 Jan 2025 15:29:23 +0100
Subject: [PATCH 13/14] add pauses to script execution and debug logs
---
 bin/offline-helm.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/bin/offline-helm.sh b/bin/offline-helm.sh
index 9b1f283b6..2fe1dca5b 100755
--- a/bin/offline-helm.sh
+++ b/bin/offline-helm.sh
@@ -11,7 +11,13 @@ helm upgrade --install --wait demo-smtp ./charts/demo-smtp --values ./values/dem
 helm upgrade --install --wait rabbitmq ./charts/rabbitmq --values ./values/rabbitmq/prod-values.example.yaml --values ./values/rabbitmq/prod-secrets.example.yaml
 helm upgrade --install --wait databases-ephemeral ./charts/databases-ephemeral --values ./values/databases-ephemeral/prod-values.example.yaml
 helm upgrade --install --wait reaper ./charts/reaper
-helm upgrade --install --wait --timeout=15m0s wire-server ./charts/wire-server --values ./values/wire-server/prod-values.example.yaml --values ./values/wire-server/secrets.yaml
+helm upgrade --install wire-server ./charts/wire-server --values ./values/wire-server/prod-values.example.yaml --values ./values/wire-server/secrets.yaml
+sleep 5m
+./bin/debug_logs.sh
+sleep 5m
+./bin/debug_logs.sh
+sleep 5m
+./bin/debug_logs.sh
 # if charts/webapp directory exists
 if [ -d "./charts/webapp" ]; then
 helm upgrade --install --wait --timeout=15m0s webapp ./charts/webapp --values ./values/webapp/prod-values.example.yaml
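Review bot: Removing `--wait --timeout=15m0s` from the wire-server install means the script no longer notices when the release never becomes ready: it sleeps a fixed 15 minutes and then carries on to the webapp install whatever state the pods are in. Keeping the wait and collecting logs only on failure gives the same diagnostics without the fixed delay, for example `helm upgrade --install --wait --timeout=15m0s wire-server … || { ./bin/debug_logs.sh; exit 1; }`. If the three pauses are only meant for debugging this CI run, a comment saying so, such as `# TEMP: debugging slow wire-server rollout, restore --wait before merge`, would keep them from becoming permanent.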
@@ -30,6 +36,6 @@ helm upgrade --install --wait --timeout=15m0s ingress-nginx-controller ./charts/
 echo "Printing all pods status: "
 kubectl get pods --all-namespaces -o wide
-#./bin/debug_logs.sh
+./bin/debug_logs.sh
 # TODO: Requires certs; which we do not have in CI/CD at this point. future work =) (Would need cert-manager in offline package. That'd be neat)
 # helm upgrade --install --wait nginx-ingress-services ./charts/nginx-ingress-services --values ./values/nginx-ingress-services/values.yaml --values ./values/nginx-ingress-services/secrets.yaml
From 4705a6f4c87ba9224d3b74c476f93ef97204ba05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Fri, 17 Jan 2025 16:33:46 +0100
Subject: [PATCH 14/14] install terraform step in offline.yml workflow
---
 .github/workflows/offline.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/offline.yml b/.github/workflows/offline.yml
index 5ad30d640..e7f9268b3 100644
--- a/.github/workflows/offline.yml
+++ b/.github/workflows/offline.yml
@@ -57,6 +57,12 @@ jobs:
 env:
 DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
+ - name: Install terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: "^1.3.7"
+ terraform_wrapper: false
+
 - name: Deploy offline environment to hetzner
 run: |
 ./offline/cd.sh
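Review bot: `./bin/debug_logs.sh` now runs unconditionally at the end of every deployment in the `@@ -30,6 +36,6 @@` hunk, and its contents are not part of this patch. If it prints pod logs or resource descriptions, check that nothing from `values/wire-server/secrets.yaml` or the pods' environment ends up in the CI log, which is often readable by more people than the cluster is. A short comment above the call stating what the script prints and that its output must stay free of secret values would be enough.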