288 changes: 143 additions & 145 deletions Jenkinsfile_CNP
@@ -1,176 +1,174 @@
#!groovy
@Library("Infrastructure") _
@Library("Infrastructure@allow-plan-only")

import uk.gov.hmcts.contino.Environment
import uk.gov.hmcts.contino.HealthChecker
import uk.gov.hmcts.contino.azure.KeyVault

properties([
parameters([
string(name: 'PRODUCT_NAME', defaultValue: 'ccd-elastic-search', description: ''),
booleanParam(name: 'DEPLOY_ES_CLUSTER', defaultValue: false, description: 'Select to deploy ElasticSearch'),
booleanParam(name: 'RUN_ANSIBLE_DRY', defaultValue: false, description: 'Run Ansible in DRY run mode'),
booleanParam(name: 'RUN_ANSIBLE_APPLY', defaultValue: false, description: 'Run Ansible in APPLY mode'),
booleanParam(name: 'UPGRADE_ES', defaultValue: true, description: 'Whether to run ES version upgrade steps (deb packages re-deploy)'),
booleanParam(name: 'ROLLING_UPGRADE', defaultValue: false, description: 'Run Ansible with rolling upgrade steps (demo-int only)'),
booleanParam(name: 'REINDEX', defaultValue: false, description: 'Whether to re-index after version upgrade (demo-int only)'),
string(name: "PRODUCT_NAME", defaultValue: "ccd-elastic-search", description: ""),
booleanParam(name: "DEPLOY_ES_CLUSTER", defaultValue: false, description: "Select to deploy ElasticSearch"),
booleanParam(name: "RUN_ANSIBLE_DRY", defaultValue: false, description: "Run Ansible in DRY run mode"),
booleanParam(name: "RUN_ANSIBLE_APPLY", defaultValue: false, description: "Run Ansible in APPLY mode"),
booleanParam(name: "UPGRADE_ES", defaultValue: true, description: "Whether to run ES version upgrade steps (deb packages re-deploy)"),
booleanParam(name: "ROLLING_UPGRADE", defaultValue: false, description: "Run Ansible with rolling upgrade steps"),
booleanParam(name: "REINDEX", defaultValue: false, description: "Whether to re-index after version upgrade"),
string(name: "ANSIBLE_TARGETS", defaultValue: "demo,ithc", description: "Comma-separated environments for Ansible runs")
])
])

def setupSecret() {
def bootstap_env = env.ENV
azureKeyVault(
keyVaultURL: "https://ccd-${bootstap_env}.vault.azure.net/",
secrets: [
secret("ccd-vm-admin-name", 'CCD_VM_ADMIN_NAME'),
secret("ccd-ELASTIC-SEARCH-PRIVATE-KEY", 'CCD_VM_SSH_PRIVATE_KEY'),
]) {
env.CCD_VM_ADMIN_NAME = "${CCD_VM_ADMIN_NAME}"
env.CCD_VM_SSH_PRIVATE_KEY = "${CCD_VM_SSH_PRIVATE_KEY}"
}
def setupSecret(String targetEnv) {
def bootstrapEnv = targetEnv
azureKeyVault(
keyVaultURL: "https://ccd-${bootstrapEnv}.vault.azure.net/",
secrets: [
secret("ccd-vm-admin-name", "CCD_VM_ADMIN_NAME"),
secret("ccd-ELASTIC-SEARCH-PRIVATE-KEY", "CCD_VM_SSH_PRIVATE_KEY")
]) {
env.CCD_VM_ADMIN_NAME = "${CCD_VM_ADMIN_NAME}"
env.CCD_VM_SSH_PRIVATE_KEY = "${CCD_VM_SSH_PRIVATE_KEY}"
}
}

def runAnsible() {

setupSecret()
echo "ANSIBLE Dry run: " + params.RUN_ANSIBLE_DRY
echo "ANSIBLE Apply run: " + params.RUN_ANSIBLE_APPLY
echo "Rolling upgrade (demo-int only): " + params.ROLLING_UPGRADE
echo "Upgrade ES (demo-int only): " + params.UPGRADE_ES
echo "Reindex (demo-int only): " + params.REINDEX
sh "echo 'Running Ansible Playbook for Sandbox'"

// Install regular Ansible for normal environments
sh "sudo apt update && sudo apt install -y ansible python3-venv"
sh "ansible --version"
sh "echo 'environment ${env.ENV}'"

writeFile file: '/tmp/ccdadmin_key', text: "${CCD_VM_SSH_PRIVATE_KEY}"
sh "chmod 600 /tmp/ccdadmin_key"
def checkRunAnsible = "--check"
if (params.RUN_ANSIBLE_APPLY == true) {
checkRunAnsible = ""
}
def rollingUpgradeDemoInt = params.ROLLING_UPGRADE ? "true" : "false"
def reindex = params.REINDEX ? "true" : "false"
def upgradeEs = params.UPGRADE_ES ? "true" : "false"
def supportsUpgradeFlags(String targetEnv) {
["demo", "ithc", "perftest"].contains(targetEnv)
}

// Run regular demo environment with standard Ansible
// Temporarily disabled to save time during demo-int builds
// sh "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ${WORKSPACE}/ansible/inventory.ini ansible/diskmount.yml -u ${CCD_VM_ADMIN_NAME} --private-key=/tmp/ccdadmin_key --limit ${env.ENV} ${checkRunAnsible}"
def runAnsible(String targetEnv) {
setupSecret(targetEnv)

// sh "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ${WORKSPACE}/ansible/inventory.ini ansible/main.yml -u ${CCD_VM_ADMIN_NAME} --private-key=/tmp/ccdadmin_key --limit ${env.ENV} --extra-vars 'elastic_clustername=ccd-elastic-search-${env.ENV}' ${checkRunAnsible}"
echo "ANSIBLE Dry run: ${params.RUN_ANSIBLE_DRY}"
echo "ANSIBLE Apply run: ${params.RUN_ANSIBLE_APPLY}"
echo "Rolling upgrade: ${params.ROLLING_UPGRADE}"
echo "Upgrade ES: ${params.UPGRADE_ES}"
echo "Reindex: ${params.REINDEX}"

// For demo-int only: use Ansible 2.9 with Python 3.9 in virtualenv (supports Python 3.5 targets)
if (env.ENV == 'demo') {
// def tfvars = readFile("${WORKSPACE}/demo.tfvars")
def checkRunAnsible = params.RUN_ANSIBLE_APPLY ? "" : "--check"
def buildTag = (env.BUILD_TAG ?: "local").replaceAll("[^A-Za-z0-9_.-]", "-")
def venvPath = "/tmp/ansible-venv-${buildTag}"
def keyPath = "/tmp/ccdadmin_key_${buildTag}"

// def targets = []
// if (tfvars.contains('demo_int')) { targets << 'demo_int' }
// if (tfvars.contains('demo_int2')) { targets << 'demo_int2' }
def upgradeEnabled = supportsUpgradeFlags(targetEnv)
def rollingUpgrade = (upgradeEnabled && params.ROLLING_UPGRADE) ? "true" : "false"
def reindex = (upgradeEnabled && params.REINDEX) ? "true" : "false"
def upgradeEs = (upgradeEnabled && params.UPGRADE_ES) ? "true" : "false"
def clusterName = "ccd-elastic-search-${targetEnv.replace("_", "-")}"

// if (targets.size() == 0) {
// echo "No demo_int/demo_int2 clusters found in demo.tfvars; skipping Ansible."
// return
// }
try {
writeFile file: keyPath, text: env.CCD_VM_SSH_PRIVATE_KEY
sh "chmod 600 ${keyPath}"

sh """
python3 -m venv /tmp/ansible-venv
/tmp/ansible-venv/bin/pip install --upgrade pip
/tmp/ansible-venv/bin/pip install ansible==13.0.0
/tmp/ansible-venv/bin/ansible --version
python3 -m venv ${venvPath}
${venvPath}/bin/pip install --upgrade pip
${venvPath}/bin/pip install ansible==13.0.0
${venvPath}/bin/ansible --version
"""

// for (t in targets) {
def t = 'demo_int'
def clusterName = "ccd-elastic-search-${t.replace('_','-')}"
def rollingUpgrade = (t == 'demo_int' && params.ROLLING_UPGRADE) ? "true" : "false"
def reindexFlag = (t == 'demo_int' && params.REINDEX) ? "true" : "false"
def upgradeFlag = (t == 'demo_int' && params.UPGRADE_ES) ? "true" : "false"

sh """
ANSIBLE_HOST_KEY_CHECKING=False /tmp/ansible-venv/bin/ansible-playbook \
-i ${WORKSPACE}/ansible/inventory.ini \
ansible/diskmount.yml \
-u ${CCD_VM_ADMIN_NAME} \
--private-key=/tmp/ccdadmin_key \
--limit ${t} \
${checkRunAnsible}

ANSIBLE_HOST_KEY_CHECKING=False /tmp/ansible-venv/bin/ansible-playbook \
-i ${WORKSPACE}/ansible/inventory.ini \
ansible/main.yml \
-u ${CCD_VM_ADMIN_NAME} \
--private-key=/tmp/ccdadmin_key \
--limit ${t} \
--extra-vars 'elastic_clustername=${clusterName} rolling_upgrade=${rollingUpgrade} reindex=${reindexFlag} upgrade_es=${upgradeFlag}' \
${checkRunAnsible}
"""
// }

sh "rm -rf /tmp/ansible-venv"
sh """
ANSIBLE_HOST_KEY_CHECKING=False ${venvPath}/bin/ansible-playbook \
-i ${WORKSPACE}/ansible/inventory.ini \
ansible/diskmount.yml \
-u ${CCD_VM_ADMIN_NAME} \
--private-key=${keyPath} \
--limit ${targetEnv} \
${checkRunAnsible}

ANSIBLE_HOST_KEY_CHECKING=False ${venvPath}/bin/ansible-playbook \
-i ${WORKSPACE}/ansible/inventory.ini \
ansible/main.yml \
-u ${CCD_VM_ADMIN_NAME} \
--private-key=${keyPath} \
--limit ${targetEnv} \
--extra-vars 'elastic_clustername=${clusterName} rolling_upgrade=${rollingUpgrade} reindex=${reindex} upgrade_es=${upgradeEs}' \
${checkRunAnsible}
"""
} finally {
sh "rm -rf ${venvPath} ${keyPath}"
}
}

def parseTargets() {
params.ANSIBLE_TARGETS
.split(",")
.collect { it.trim() }
.findAll { it }
.toSet()
}

static Map<String, Object> secret(String secretName, String envVariable) {
[
$class : 'AzureKeyVaultSecret',
secretType : 'Secret',
name : secretName,
envVariable: envVariable
]
[
$class: "AzureKeyVaultSecret",
secretType: "Secret",
name: secretName,
envVariable: envVariable
]
}

if (params.DEPLOY_ES_CLUSTER == true) {
withInfraPipeline(params.PRODUCT_NAME) {
onMaster {
enableSlackNotifications('#ccd-master-builds')
}
onDemo {
enableSlackNotifications('#ccd-demo-builds')
}

// TODO: Healthcheck per env
// afterAlways('buildinfra:aat') {
// echo 'Healthcheck in AAT'
// healthCheckStage('nonprod', 'aat')
// }
// afterAlways('buildinfra:prod') {
// echo 'Healthcheck in PROD'
// healthCheckStage('prod', 'prod')
// }
// afterAlways('buildinfra:perftest') {
// echo 'Healthcheck in Perftest'
// healthCheckStage('qa', 'perftest')
// }
// afterAlways('buildinfra:demo') {
// echo 'Healthcheck in Perftest'
// healthCheckStage('nonprod', 'demo')
// }
// afterAlways('buildinfra:ithc') {
// echo 'Healthcheck in Perftest'
// healthCheckStage('qa', 'ithc')
// }

if (params.RUN_ANSIBLE_DRY == true || params.RUN_ANSIBLE_APPLY == true) {

afterSuccess('buildinfra:demo') {
echo 'running Ansible in Demo '
env.ENV = 'demo'
runAnsible()
withInfraPipeline(params.PRODUCT_NAME, null, !params.DEPLOY_ES_CLUSTER) {
onMaster {
enableSlackNotifications("#ccd-master-builds")
}
onDemo {
enableSlackNotifications("#ccd-demo-builds")
}

afterAlways("buildinfra:aat") {
echo "Healthcheck in AAT"
healthCheckStage("nonprod", "aat")
}
afterAlways("buildinfra:prod") {
echo "Healthcheck in PROD"
healthCheckStage("prod", "prod")
}
afterAlways("buildinfra:perftest") {
echo "Healthcheck in Perftest"
healthCheckStage("qa", "perftest")
}
afterAlways("buildinfra:demo") {
echo "Healthcheck in Demo"
healthCheckStage("nonprod", "demo")
}
afterAlways("buildinfra:ithc") {
echo "Healthcheck in ITHC"
healthCheckStage("qa", "ithc")
}

if (params.RUN_ANSIBLE_DRY || params.RUN_ANSIBLE_APPLY) {
def targets = parseTargets()

afterSuccess("buildinfra:demo") {
if (targets.contains("demo")) {
echo "Running Ansible in demo"
runAnsible("demo")
} else {
echo "Skipping demo Ansible: demo not in ANSIBLE_TARGETS=${params.ANSIBLE_TARGETS}"
}
}

afterSuccess("buildinfra:ithc") {
if (targets.contains("ithc")) {
echo "Running Ansible in ithc"
runAnsible("ithc")
} else {
echo "Skipping ithc Ansible: ithc not in ANSIBLE_TARGETS=${params.ANSIBLE_TARGETS}"
}
}

afterSuccess('buildinfra:ithc') {
echo 'running Ansible in ITHC '
env.ENV = 'ithc'
runAnsible()
afterSuccess("buildinfra:perftest") {
if (targets.contains("perftest")) {
echo "Running Ansible in perftest"
runAnsible("perftest")
} else {
echo "Skipping perftest Ansible: perftest not in ANSIBLE_TARGETS=${params.ANSIBLE_TARGETS}"
}
}
}
}
}
}

def healthCheckStage(subscription, environmentName) {
stage('HealthCheck') {
def healthCheckStage(String subscription, String environmentName) {
stage("HealthCheck") {
def healthChecker = new HealthChecker(this)
healthChecker.check(healthCheckUrl(subscription, environmentName), 10, 40) { response ->
if (response.content.contains("yellow")) {
Expand All @@ -181,9 +179,9 @@ def healthCheckStage(subscription, environmentName) {
}
}

def healthCheckUrl(subscription, environmentName) {
KeyVault keyVault = new KeyVault(this, subscription, "ccd-$environmentName")
es_url = keyVault.find("ccd-ELASTIC-SEARCH-URL").trim()
echo "retrieved ES URL: ${es_url}"
"http://" + es_url + ":9200/_cluster/health"
def healthCheckUrl(String subscription, String environmentName) {
KeyVault keyVault = new KeyVault(this, subscription, "ccd-${environmentName}")
def esUrl = keyVault.find("ccd-ELASTIC-SEARCH-URL").trim()
echo "retrieved ES URL: ${esUrl}"
"http://${esUrl}:9200/_cluster/health"
}
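Review bot: In the parameterised `runAnsible(String targetEnv)`, `writeFile file: keyPath, text: env.CCD_VM_SSH_PRIVATE_KEY` puts the SSH private key at a predictable path under the shared `/tmp`, and only the following `chmod 600` restricts it, so the file briefly exists with whatever default mode the agent applies. `setupSecret` also copies the key into `env`, where it appears to outlive the `azureKeyVault` block and be inherited by every later `sh` step. Keeping the key out of the shared directory narrows the first problem, for example `def keyPath = "${pwd(tmp: true)}/ccdadmin_key_${buildTag}"`, and running the write and both playbooks inside the `azureKeyVault { ... }` closure would avoid the export to `env`. Both `ansible-playbook` invocations still set `ANSIBLE_HOST_KEY_CHECKING=False`, so that key is presented to hosts whose identity is never verified; a pinned known_hosts file for the inventory would close that. The rendered page has lost its +/- markers, so the new side is inferred here from the `String targetEnv` signatures.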
29 changes: 0 additions & 29 deletions ansible/elasticsearch-demo-int.yml.j2

This file was deleted.
