· 5 years ago · Nov 13, 2019, 09:30 AM
1/**
2 * pipeline for cleanup KaaS clusters based on AWS provider
3 * CREDENTIALS_ID - gerrit credentials id
4 * GERRIT_HOST - Gerrit host
5 * KAAS_PIPELINE_REFSPEC - Refspec for kaas related pipelines, for testing additional pipeline changes, generally using GERRIT_REFSPEC
6 * GERRIT_REFSPEC - Parameter also used for fetching groovy pipeline from kaas repo [KAAS_PIPELINE_REFSPEC],
7 * default value used in case of non-triggered run, otherwise gerrit trigger will overwrite it
8 *
9 * KAAS_AWS_ACCOUNT_ID - AWS Service account id
10 * KAAS_AWS_CREDENTIALS - AWSAccessKeyId/AWSSecretKey credentials
11 * KAAS_AWS_REGIONS - Comma-separated list of AWS regions where cleanup needed
12
13 * DRY_RUN - ensure only w/o cleanup procedures
14 *
15**/
16
17common = new com.mirantis.mk.Common()
18gerrit = new com.mirantis.mk.Gerrit()
19jUtils = new com.mirantis.mk.JenkinsUtils()
20jobCatchedErrors = 'No build errors'
21
22def regionList = KAAS_AWS_REGIONS.tokenize(',').collect { it.trim() }
23// TODO make cleanup preset configurable
24def cleanupPreset = 'general_cleanup'
25def nukeImage = 'quay.io/rebuy/aws-nuke:v2.12.0'
26def nukeArgs = DRY_RUN.toBoolean() ? '--force' : '--force --no-dry-run'
27
28node('docker') {
29
30 // Define Jenkins user id's for docker operations
31 def jenkinsUID = common.getJenkinsUid()
32 def jenkinsGID = common.getJenkinsGid()
33 jenkinsUser = "${jenkinsUID}:${jenkinsGID}"
34
35 def workspace = common.getWorkspace()
36 def nukeConfigPath = "${workspace}/nuke-config.yaml"
37
38 //avoid root-owned docker artifacts before kaasLibrary scm
39 sh(script: """\
40 docker run --rm \
41 -v ${workspace}:/code \
42 busybox sh -c 'chown -R ${jenkinsUser} /code'
43 """
44 )
45
46 // Check if dependency jobs passed successfully
47 depsResult = jUtils.checkDependencyJobs()
48 if (!depsResult.status){
49 return
50 }
51
52 try {
53 timeout(time: 1, unit: 'HOURS') {
54
55 stage('Checkout') {
56 gerrit.gerritPatchsetCheckout('ssh://mcp-jenkins@gerrit.mcp.mirantis.net:29418/kaas/cluster-api-provider-openstack', 'mirantis', 'HEAD', CREDENTIALS_ID)
57 }
58
59 stage('Configure aws cleanup nuke template') {
60 def nukeTemplate = readYaml file: "${workspace}/hack/tools/aws/nuke-config-kaas.yaml"
61 nukeTemplate['regions'] = regionList
62 nukeTemplate['accounts'][KAAS_AWS_ACCOUNT_ID]['presets'].add(cleanupPreset)
63
64 writeYaml file: nukeConfigPath, data: nukeTemplate
65 common.infoMsg('AWS Nuke config generated successfully')
66 sh("cat ${nukeConfigPath}")
67 }
68
69
70 stage('Start Cleanup procedure') {
71 withCredentials([
72 [$class: 'UsernamePasswordMultiBinding',
73 credentialsId: KAAS_AWS_CREDENTIALS,
74 passwordVariable: 'SECRET_KEY',
75 usernameVariable: 'SECRET_ID'],
76 ],) {
77 sh(script: """make DEST=${workspace} \
78 GOOS=linux \
79 AWS_ACCESS_KEY_ID=${SECRET_ID} \
80 AWS_ACCESS_KEY_SECRET=${SECRET_KEY} \
81 AWS_NUKE_IMAGE=${nukeImage} \
82 AWS_NUKE_ARGS=${nukeArgs} \
83 kaasgc-aws""")
84 }
85 }
86 }
87
88 currentBuild.result = 'SUCCESS'
89 } catch (e) {
90 // If there was an error or exception thrown, the build failed
91 currentBuild.result = 'FAILURE'
92 jobCatchedErrors = e.message ?: 'Failed to get error msg'
93 throw e
94 } finally {
95 currentBuild.description = """
96 <p>
97 <b>Errors</b>: ${jobCatchedErrors}<br/>
98 </p>
99 """
100
101 stage('Cleanup'){
102 // cleanup workspace
103 deleteDir()
104 }
105
106 }
107}