From 427bda05a4cd4ace248adaa38afc866dad1b58a0 Mon Sep 17 00:00:00 2001
From: "Leo J." <153937047+leiicamundi@users.noreply.github.com>
Date: Mon, 26 Aug 2024 16:35:52 +0200
Subject: [PATCH] chore: implement different region for rosa (#50)
---
 .../actions/rosa-cleanup-clusters/action.yml | 6 ++++
 .../scripts/destroy-clusters.sh | 21 +++++++++--
 .github/actions/rosa-create-cluster/README.md | 1 +
 .../actions/rosa-create-cluster/action.yml | 36 +++++++++++--------
 .github/actions/rosa-delete-cluster/README.md | 1 +
 .../actions/rosa-delete-cluster/action.yml | 10 +++++-
 .github/workflows/daily-cleanup.yml | 4 ++-
 .github/workflows/tests.yml | 5 ++-
 8 files changed, 65 insertions(+), 19 deletions(-)
diff --git a/.github/actions/rosa-cleanup-clusters/action.yml b/.github/actions/rosa-cleanup-clusters/action.yml
index e748627..3e65342 100644
--- a/.github/actions/rosa-cleanup-clusters/action.yml
+++ b/.github/actions/rosa-cleanup-clusters/action.yml
@@ -7,6 +7,8 @@ inputs:
 tf-bucket:
 description: 'Bucket containing the clusters states'
 required: true
+ tf-bucket-region:
+ description: 'Region of the bucket containing the resources states, if not set, will fallback on AWS_REGION'
 max-age-hours-cluster:
 description: 'Maximum age of clusters in hours'
 required: false
@@ -19,4 +21,8 @@ runs:
 id: delete_clusters
 shell: bash
 run: |
+ if [ -n "${{ inputs.tf-bucket-region }}" ]; then
+ export AWS_S3_REGION="${{ inputs.tf-bucket-region }}"
+ fi
+
 ${{ github.action_path }}/scripts/destroy-clusters.sh "${{ inputs.tf-bucket }}" ${{ github.action_path }}/../../../modules/rosa-hcp/ /tmp/rosa/ ${{ inputs.max-age-hours-cluster }}
diff --git a/.github/actions/rosa-cleanup-clusters/scripts/destroy-clusters.sh b/.github/actions/rosa-cleanup-clusters/scripts/destroy-clusters.sh
index b5b574f..5615d6f 100755
--- a/.github/actions/rosa-cleanup-clusters/scripts/destroy-clusters.sh
+++ b/.github/actions/rosa-cleanup-clusters/scripts/destroy-clusters.sh
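Review bot: The new `tf-bucket-region` input is the only entry in this `inputs:` block without a `required:` key, while both of its neighbours declare one explicitly; add `required: false` under its description so the optional-ness is stated rather than implied by omission. The `s3-bucket-region` inputs added to rosa-create-cluster/action.yml and rosa-delete-cluster/action.yml have the same omission. The description would also read more clearly as `'Region of the bucket holding the Terraform states; falls back to the AWS_REGION environment variable when unset'`.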
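Review bot: The new `if` block in the `run:` script interpolates `inputs.tf-bucket-region` with `${{ }}`, so the value is substituted into the script text before bash runs it and any shell metacharacters it contains are executed rather than treated as data; the existing invocation line already does this for `inputs.tf-bucket` and `inputs.max-age-hours-cluster`, and the hunk extends the pattern. The robust form maps the input into the step's `env:` and reads it as a variable: add `env:` with `TF_BUCKET_REGION: ${{ inputs.tf-bucket-region }}` on the step, then `if [ -n "$TF_BUCKET_REGION" ]; then export AWS_S3_REGION="$TF_BUCKET_REGION"; fi` in `run:`. The same interpolation is used by the `set-terraform-variables` and `create-s3-bucket` steps in rosa-create-cluster/action.yml and the `set-terraform-variables` step in rosa-delete-cluster/action.yml. In the workflows on this page the inputs come from a fixed `env:` block, so the practical exposure depends on who else can call these composite actions, which I cannot tell from here.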
@@ -48,6 +48,7 @@ MIN_AGE_IN_HOURS=$4
 HTPASSWD_PASSWORD="Fakepassword!!!3893948" # don't change it, it's a fake value for the destruction
 FAILED=0
 CURRENT_DIR=$(pwd)
+AWS_S3_REGION=${AWS_S3_REGION:-$AWS_REGION}
 # Function to perform terraform destroy
 destroy_cluster() {
@@ -66,7 +67,9 @@ destroy_cluster() {
 tree "." || return 1
- if ! terraform init -backend-config="bucket=$BUCKET" -backend-config="key=${cluster_folder}/${cluster_id}.tfstate" -backend-config="region=$AWS_REGION"; then return 1; fi
+ echo "tf state: bucket=$BUCKET key=${cluster_folder}/${cluster_id}.tfstate region=$AWS_S3_REGION"
+
+ if ! terraform init -backend-config="bucket=$BUCKET" -backend-config="key=${cluster_folder}/${cluster_id}.tfstate" -backend-config="region=$AWS_S3_REGION"; then return 1; fi
 if ! terraform destroy -auto-approve -var "cluster_name=${cluster_id}" -var "htpasswd_password=$HTPASSWD_PASSWORD" -var "offline_access_token=$RH_TOKEN"; then return 1; fi
@@ -81,7 +84,21 @@ destroy_cluster() {
 }
 # List objects in the S3 bucket and parse the cluster IDs
-clusters=$(aws s3 ls "s3://$BUCKET/" | awk '{print $2}' | sed -n 's#^tfstate-\(.*\)/$#\1#p')
+all_objects=$(aws s3 ls "s3://$BUCKET/")
+aws_exit_code=$?
+
+if [ $aws_exit_code -ne 0 ]; then
+ echo "Error executing the aws s3 ls command (Exit Code: $aws_exit_code):" >&2
+ exit 1
+fi
+
+
+clusters=$(echo "$all_objects" | awk '{print $2}' | sed -n 's#^tfstate-\(.*\)/$#\1#p')
+if [ -z "$clusters" ]; then
+ echo "No objects found in the S3 bucket. Exiting script." >&2
+ exit 0
+fi
+
 current_timestamp=$(date +%s)
 for cluster_id in $clusters; do
diff --git a/.github/actions/rosa-create-cluster/README.md b/.github/actions/rosa-create-cluster/README.md
index 1d7b309..07da879 100644
--- a/.github/actions/rosa-create-cluster/README.md
+++ b/.github/actions/rosa-create-cluster/README.md
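Review bot: `AWS_S3_REGION=${AWS_S3_REGION:-$AWS_REGION}` still evaluates to an empty string when neither variable is set, and that empty value then reaches `-backend-config="region=$AWS_S3_REGION"` inside `destroy_cluster`, where the problem surfaces as a per-cluster `terraform init` failure instead of once at startup. A guard directly after the assignment makes the requirement explicit: `: "${AWS_S3_REGION:?AWS_S3_REGION or AWS_REGION must be set}"`. Whether the script runs under `set -u` or `set -e` is above the hunk, so I cannot tell if an unset `AWS_REGION` would already abort here.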
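Review bot: The message `"Error executing the aws s3 ls command (Exit Code: $aws_exit_code):"` in the new error branch ends with a colon but nothing follows it, because the CLI's stderr was not captured into `all_objects` and has already been written to the terminal by the time the echo runs. Either drop the trailing colon, or capture stderr into a separate variable and print it after the message so the output matches what the text announces. The subsequent `exit 0` when `clusters` is empty is appropriate for a cleanup job, but note that it also covers a bucket that exists yet holds no `tfstate-*/` prefixes, so a wrong bucket name pointing at another empty bucket passes silently; logging `$BUCKET` in that message would make such a misconfiguration visible in the run log. The `for cluster_id in $clusters` loop continues below the hunk.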
@@ -16,6 +16,7 @@ This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service
 | `openshift-version` | Version of the OpenShift to install | false | __see `action.yml`__ |
 | `replicas` | Number of replicas for the ROSA cluster | false | `2` |
 | `s3-backend-bucket` | Name of the S3 bucket to store Terraform state | true | |
+| `s3-bucket-region` | Region of the bucket containing the resources states, if not set, will fallback on `aws-region` | false | |
 | `tf-modules-revision`| Git revision of the Terraform modules to use | false | `main` |
 | `tf-modules-path` | Path where the Terraform ROSA modules will be cloned | false | `./.action-tf-modules/rosa/` |
 | `login` | Authenticate the current kube context on the created cluster | false | `true` |
diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml
index 202c60e..e2bb4f8 100644
--- a/.github/actions/rosa-create-cluster/action.yml
+++ b/.github/actions/rosa-create-cluster/action.yml
@@ -43,6 +43,8 @@ inputs:
 s3-backend-bucket:
 description: 'Name of the S3 bucket to store Terraform state'
 required: true
+ s3-bucket-region:
+ description: 'Region of the bucket containing the resources states, if not set, will fallback on aws-region'
 tf-modules-revision:
 description: 'Git revision of the tf modules to use'
 default: 'main'
@@ -135,26 +137,19 @@ runs:
 sudo ./aws/install
 cd - && rm -Rf /tmp/awscli
- - name: Check if S3 bucket exists
- id: create-s3-bucket
- shell: bash
- run: |
- if aws s3api head-bucket --bucket ${{ inputs.s3-backend-bucket }} --region ${{ inputs.aws-region }} 2>/dev/null; then
- echo "Bucket already exists"
- else
- echo "Bucket does not exist, creating..."
- aws s3api create-bucket --bucket ${{ inputs.s3-backend-bucket }} --region ${{ inputs.aws-region }} --create-bucket-configuration LocationConstraint=${{ inputs.aws-region }}
- fi
-
- aws s3api put-public-access-block --bucket ${{ inputs.s3-backend-bucket }} --region ${{ inputs.aws-region }} --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
-
 - name: Set Terraform variables
 shell: bash
 id: set-terraform-variables
 run: |
 export TFSTATE_BUCKET="${{ inputs.s3-backend-bucket }}"
- export TFSTATE_REGION="${{ inputs.aws-region }}"
 export TFSTATE_KEY="tfstate-${{ inputs.cluster-name }}/${{ inputs.cluster-name }}.tfstate"
+
+ if [ -z "${{ inputs.s3-bucket-region }}" ]; then
+ export TFSTATE_REGION="${{ inputs.aws-region }}"
+ else
+ export TFSTATE_REGION="${{ inputs.s3-bucket-region }}"
+ fi
+
 echo "TFSTATE_BUCKET=${TFSTATE_BUCKET}" >> "$GITHUB_OUTPUT"
 echo "TFSTATE_REGION=${TFSTATE_REGION}" >> "$GITHUB_OUTPUT"
 echo "TFSTATE_KEY=${TFSTATE_KEY}" >> "$GITHUB_OUTPUT"
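Review bot: The six-line `if [ -z ... ]`/`else` block added to `set-terraform-variables` only picks one of two inputs, which the expression language does in place: `export TFSTATE_REGION="${{ inputs.s3-bucket-region || inputs.aws-region }}"` — `||` yields its first truthy operand and an unset input is the empty string, so the result is identical. The same block is added to the `set-terraform-variables` step in rosa-delete-cluster/action.yml. Since the bucket-creation step that this hunk removes is re-added below this step and reads `steps.set-terraform-variables.outputs.TFSTATE_REGION`, the new ordering is load-bearing; a one-line comment above the step, `# must run before create-s3-bucket, which consumes TFSTATE_REGION`, would keep a later reorder from breaking it.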
@@ -162,6 +157,19 @@ runs:
 terraform_state_url="s3://${TFSTATE_BUCKET}/${TFSTATE_KEY}"
 echo "terraform-state-url=${terraform_state_url}" >> "$GITHUB_OUTPUT"
+ - name: Check if S3 bucket exists
+ id: create-s3-bucket
+ shell: bash
+ run: |
+ if aws s3api head-bucket --bucket ${{ inputs.s3-backend-bucket }} --region ${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }} 2>/dev/null; then
+ echo "Bucket already exists"
+ else
+ echo "Bucket does not exist, creating..."
+ aws s3api create-bucket --bucket ${{ inputs.s3-backend-bucket }} --region ${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }} --create-bucket-configuration LocationConstraint=${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }}
+ fi
+
+ aws s3api put-public-access-block --bucket ${{ inputs.s3-backend-bucket }} --region ${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }} --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
+
 - name: Checkout Repository rosa modules
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 with:
diff --git a/.github/actions/rosa-delete-cluster/README.md b/.github/actions/rosa-delete-cluster/README.md
index 797a8d1..abec54c 100644
--- a/.github/actions/rosa-delete-cluster/README.md
+++ b/.github/actions/rosa-delete-cluster/README.md
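Review bot: The `aws s3api create-bucket ... --create-bucket-configuration LocationConstraint=${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }}` line in the re-added `create-s3-bucket` step fails for `us-east-1`, where S3 requires the `LocationConstraint` to be omitted; now that the bucket region is an independent input rather than the cluster region, that case is reachable. The `head-bucket` probe discards its stderr with `2>/dev/null`, so a 403 on a bucket owned by another account is indistinguishable from a missing bucket and falls into the create branch, which then fails with a less specific error; keeping the status visible in the log helps diagnose that. A Terraform state bucket also benefits from versioning so a corrupted or accidentally overwritten state can be recovered, which this step does not enable. The rewrite below branches on the region and turns versioning on after creation; the `put-public-access-block` call is unchanged.

```yaml
        run: |
          region="${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }}"
          bucket="${{ inputs.s3-backend-bucket }}"
          if aws s3api head-bucket --bucket "$bucket" --region "$region"; then
            echo "Bucket already exists"
          elif [ "$region" = "us-east-1" ]; then
            echo "Bucket does not exist, creating..."
            aws s3api create-bucket --bucket "$bucket" --region "$region"
          else
            echo "Bucket does not exist, creating..."
            aws s3api create-bucket --bucket "$bucket" --region "$region" --create-bucket-configuration LocationConstraint="$region"
          fi
          aws s3api put-bucket-versioning --bucket "$bucket" --region "$region" --versioning-configuration Status=Enabled
          # … unchanged: put-public-access-block …
```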
@@ -10,6 +10,7 @@ This GitHub Action automates the deletion of a ROSA (Red Hat OpenShift Service o
 | `cluster-name` | Name of the ROSA cluster to delete | true | |
 | `aws-region` | AWS region where the ROSA cluster is deployed | true | |
 | `s3-backend-bucket` | Name of the S3 bucket where the Terraform state is stored| true | |
+| `s3-bucket-region` | Region of the bucket containing the resources states, if not set, will fallback on `aws-region` | false | |
 | `awscli-version` | Version of the aws cli to use | false | __see `action.yml`__ |
 | `tf-modules-revision`| Git revision of the tf modules to use | false | `main` |
 | `tf-modules-path` | Path where the tf rosa modules will be cloned | false | `./.action-tf-modules/rosa/` |
diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml
index 4f16a4f..23a9ab9 100644
--- a/.github/actions/rosa-delete-cluster/action.yml
+++ b/.github/actions/rosa-delete-cluster/action.yml
@@ -17,6 +17,8 @@ inputs:
 s3-backend-bucket:
 description: 'Name of the S3 bucket where the Terraform state is stored'
 required: true
+ s3-bucket-region:
+ description: 'Region of the bucket containing the resources states, if not set, will fallback on aws-region'
 awscli-version:
 description: 'Version of the aws cli to use'
 required: true
@@ -74,8 +76,14 @@ runs:
 id: set-terraform-variables
 run: |
 export TFSTATE_BUCKET="${{ inputs.s3-backend-bucket }}"
- export TFSTATE_REGION="${{ inputs.aws-region }}"
 export TFSTATE_KEY="tfstate-${{ inputs.cluster-name }}/${{ inputs.cluster-name }}.tfstate"
+
+ if [ -z "${{ inputs.s3-bucket-region }}" ]; then
+ export TFSTATE_REGION="${{ inputs.aws-region }}"
+ else
+ export TFSTATE_REGION="${{ inputs.s3-bucket-region }}"
+ fi
+
 echo "TFSTATE_BUCKET=${TFSTATE_BUCKET}" >> "$GITHUB_OUTPUT"
 echo "TFSTATE_REGION=${TFSTATE_REGION}" >> "$GITHUB_OUTPUT"
 echo "TFSTATE_KEY=${TFSTATE_KEY}" >> "$GITHUB_OUTPUT"
diff --git a/.github/workflows/daily-cleanup.yml b/.github/workflows/daily-cleanup.yml
index a36c269..cfa214b 100644
--- a/.github/workflows/daily-cleanup.yml
+++ b/.github/workflows/daily-cleanup.yml
@@ -23,7 +23,8 @@ env:
 # please keep those variables synced with tests.yml
 TESTS_AWS_REGION: "eu-west-2"
- TF_S3_BUCKET: "camunda-tf-rosa"
+ TF_S3_BUCKET: "tests-rosa-tf-state-eu-central-1"
+ TF_S3_REGION: "eu-central-1"
 jobs:
@@ -72,6 +73,7 @@ jobs:
 AWS_REGION: "${{ env.TESTS_AWS_REGION }}"
 with:
 tf-bucket: "${{ env.TF_S3_BUCKET }}"
+ tf-bucket-region: "${{ env.TF_S3_REGION }}"
 max-age-hours-cluster: "${{ env.MAX_AGE_HOURS_CLUSTER }}"
 - name: Notify in Slack in case of failure
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 7ceff6a..cd5e423 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -37,7 +37,8 @@ env:
 # please keep those variables synced with daily-cleanup.yml
 TESTS_AWS_REGION: "eu-west-2"
- TF_S3_BUCKET: "camunda-tf-rosa"
+ TF_S3_BUCKET: "tests-rosa-tf-state-eu-central-1"
+ TF_S3_REGION: "eu-central-1"
 OCP_ADMIN_USERNAME: "kube-admin"
 OCP_NAMESPACE: "myns"
@@ -100,6 +101,7 @@ jobs:
 admin-password: ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}
 aws-region: ${{ env.TESTS_AWS_REGION }}
 s3-backend-bucket: ${{ env.TF_S3_BUCKET }}
+ s3-bucket-region: ${{ env.TF_S3_REGION }}
 - name: Create namespace if not exists
 shell: bash
@@ -119,6 +121,7 @@ jobs:
 cluster-name: "${{ steps.commit_info.outputs.cluster_name }}"
 aws-region: ${{ env.TESTS_AWS_REGION }}
 s3-backend-bucket: ${{ env.TF_S3_BUCKET }}
+ s3-bucket-region: ${{ env.TF_S3_REGION }}
 - name: Notify in Slack in case of failure
 id: slack-notification
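Review bot: `TF_S3_BUCKET` and the new `TF_S3_REGION` are now duplicated verbatim between the `env:` blocks of daily-cleanup.yml and tests.yml, held together only by the two `# please keep those variables synced` comments, and the region is additionally encoded in the bucket name `tests-rosa-tf-state-eu-central-1`, so a future region move has three values to change across two files. If the repository uses configuration variables, `${{ vars.TF_S3_BUCKET }}` and `${{ vars.TF_S3_REGION }}` would give a single source; otherwise extend the comment to `# please keep those variables synced with tests.yml; TF_S3_REGION must match the region in the bucket name`. The cleanup job still runs with `AWS_REGION: "${{ env.TESTS_AWS_REGION }}"` (eu-west-2) while the state bucket lives in eu-central-1, which appears to be the intended split but is worth stating next to `TF_S3_REGION` so a reader does not "correct" one to match the other.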