· 5 years ago · Nov 13, 2019, 09:24 AM
1/**
2 * pipeline for cleanup KaaS clusters based on AWS provider
3 * CREDENTIALS_ID - gerrit credentials id
4 * GERRIT_HOST - Gerrit host
5 * KAAS_PIPELINE_REFSPEC - Refspec for kaas related pipelines, for testing additional pipeline changes, generally using GERRIT_REFSPEC
6 * GERRIT_REFSPEC - Parameter also used for fetching groovy pipeline from kaas repo [KAAS_PIPELINE_REFSPEC],
7 * default value used in case of non-triggered run, otherwise gerrit trigger will overwrite it
8 *
9 * KAAS_AWS_ACCOUNT_ID - AWS Service account id
10 * KAAS_AWS_CREDENTIALS - AWSAccessKeyId/AWSSecretKey credentials
11 * KAAS_AWS_REGIONS - Comma-separated list of AWS regions where cleanup needed
12
13 * DRY_RUN - ensure only w/o cleanup procedures
14 *
15**/
16
17common = new com.mirantis.mk.Common()
18gerrit = new com.mirantis.mk.Gerrit()
19jUtils = new com.mirantis.mk.JenkinsUtils()
20jobCatchedErrors = 'No build errors'
21
22def regionList = KAAS_AWS_REGIONS.tokenize(',').collect { it.trim() }
23// TODO make cleanup preset configurable
24def cleanupPreset = 'general_cleanup'
25def nukeImage = 'quay.io/rebuy/aws-nuke:v2.12.0'
26def nukeArgs = DRY_RUN.toBoolean() ? '--force' : '--force --no-dry-run'
27
28node('docker') {
29
30 // Define Jenkins user id's for docker operations
31 def jenkinsUID = common.getJenkinsUid()
32 def jenkinsGID = common.getJenkinsGid()
33 jenkinsUser = "${jenkinsUID}:${jenkinsGID}"
34
35 def workspace = common.getWorkspace()
36 def nukeConfigPath = "${workspace}/nuke-config.yaml"
37
38 //avoid root-owned docker artifacts before kaasLibrary scm
39 sh(script: """\
40 docker run --rm \
41 -v ${workspace}:/code \
42 busybox sh -c 'chown -R ${jenkinsUser} /code'
43 """
44 )
45
46 // Check if dependency jobs passed successfully
47 depsResult = jUtils.checkDependencyJobs()
48 if (!depsResult.status){
49 return
50 }
51
52 try {
53 timeout(time: 1, unit: 'HOURS') {
54
55 stage('Checkout') {
56 gerrit.gerritPatchsetCheckout('ssh://mcp-jenkins@gerrit.mcp.mirantis.net:29418/kaas/cluster-api-provider-openstack', 'mirantis', 'HEAD', CREDENTIALS_ID)
57 }
58
59 stage('Configure aws cleanup nuke template') {
60 def nukeTemplate = readYaml file: "${workspace}/hack/tools/aws/nuke-config-kaas.yaml"
61 nukeTemplate['regions'].addAll(regionList)
62 nukeTemplate['accounts'][KAAS_AWS_ACCOUNT_ID]['presets'].add(cleanupPreset)
63
64 writeYaml file: nukeConfigPath, data: nukeTemplate
65 }
66
67
68 stage('Start Cleanup procedure') {
69 withCredentials([
70 [$class: 'UsernamePasswordMultiBinding',
71 credentialsId: KAAS_AWS_CREDENTIALS,
72 passwordVariable: 'SECRET_KEY',
73 usernameVariable: 'SECRET_ID'],
74 ],) {
75 sh(script: """make DEST=${workspace} \
76 GOOS=linux \
77 AWS_ACCESS_KEY_ID=${SECRET_ID} \
78 AWS_ACCESS_KEY_SECRET=${SECRET_KEY} \
79 AWS_NUKE_IMAGE=${nukeImage} \
80 AWS_NUKE_ARGS=${nukeArgs} \
81 kaasgc-aws""")
82 }
83 }
84 }
85
86 currentBuild.result = 'SUCCESS'
87 } catch (e) {
88 // If there was an error or exception thrown, the build failed
89 currentBuild.result = 'FAILURE'
90 jobCatchedErrors = e.message ?: 'Failed to get error msg'
91 throw e
92 } finally {
93 currentBuild.description = """
94 <p>
95 <b>Errors</b>: ${jobCatchedErrors}<br/>
96 </p>
97 """
98
99 stage('Cleanup'){
100 // cleanup workspace
101 deleteDir()
102 }
103
104 }
105}