From 49d5264b0b1e7d6ed2826cfef33b06cadd838a0b Mon Sep 17 00:00:00 2001 From: Seth L <81644108+sethAmazon@users.noreply.github.com> Date: Tue, 22 Feb 2022 15:41:49 -0500 Subject: [PATCH] Add Support For RHEL and Oracle AMI Tests And Upload Integration Test Binary To S3 Instead Of Building On EC2 Fixes (#364 And #369) (#368) --- .github/workflows/integrationTest.yml | 119 ++++++++++++++++-- integration/localstack/docker-compose.yml | 4 +- integration/terraform/ec2/linux/README.md | 13 ++ .../terraform/ec2/linux/centOS8-setup.sh | 22 ++++ integration/terraform/ec2/linux/main.tf | 3 +- integration/terraform/ec2/linux/providers.tf | 2 - integration/terraform/ec2/linux/variables.tf | 13 +- integration/test/ca_bundle/ca_bundle_test.go | 2 - 8 files changed, 155 insertions(+), 23 deletions(-) create mode 100644 integration/terraform/ec2/linux/README.md create mode 100644 integration/terraform/ec2/linux/centOS8-setup.sh diff --git a/.github/workflows/integrationTest.yml b/.github/workflows/integrationTest.yml index 50159bef6a..42bf29b67b 100644 --- a/.github/workflows/integrationTest.yml +++ b/.github/workflows/integrationTest.yml @@ -15,7 +15,61 @@ concurrency: cancel-in-progress: true jobs: + MakeBinary: + name: 'MakeBinary' + runs-on: ubuntu-latest + steps: + # Set up building environment, patch the dev repo code on dispatch events. + - name: Set up Go 1.x + uses: actions/setup-go@v2 + with: + go-version: ~1.15.15 + + - name: Install rpm + run: sudo apt install rpm + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.TERRAFORM_AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.TERRAFORM_AWS_SECRET_ACCESS_KEY }} + aws-region: us-west-2 + + - name: Check out code + uses: actions/checkout@v2 + with: + fetch-depth: 0 + submodules: 'true' + + - name: Cache go + id: cached_go + uses: actions/cache@v2 + env: + cache-name: cached_go_modules + with: + path: | + ~/go/pkg/mod + ~/.cache/go-build + key: v1-go-pkg-mod-${{ hashFiles('**/go.sum') }} + + - name: Cache binaries + id: cached_binaries + uses: actions/cache@v2 + with: + key: "cached_binaries_${{ github.sha }}" + path: build + + - name: Build Binaries + if: steps.cached_binaries.outputs.cache-hit != 'true' + run: make build package-rpm package-deb + + - name: Upload to s3 + if: steps.cached_binaries.outputs.cache-hit != 'true' + run: aws s3 cp build/bin s3://cloudwatch-agent-integration-bucket/integration-test/binary/${{ github.sha }} --recursive + EC2LinuxIntegrationTest: + needs: + - MakeBinary name: 'EC2LinuxIntegrationTest' runs-on: ubuntu-latest defaults: @@ -28,15 +82,66 @@ jobs: { os: "ubuntu", package: "package-deb", username: "ubuntu", installAgentCommand: "dpkg -i -E ./amazon-cloudwatch-agent.deb", ami: "cloudwatch-agent-integration-test-ubuntu", caCertPath: "/etc/ssl/certs/ca-certificates.crt", - arc: "amd64" }, + arc: "amd64", binaryName: "amazon-cloudwatch-agent.deb" }, { os: "al2", package: "package-rpm", username: "ec2-user", installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm", ami: "cloudwatch-agent-integration-test-al2", caCertPath: "/etc/ssl/certs/ca-bundle.crt", - arc: "amd64" } + arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" }, + { os: "rhel8", package: "package-rpm", username: "ec2-user", + installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm", + ami: "cloudwatch-agent-integration-test-rhel8", caCertPath: "/etc/ssl/certs/ca-bundle.crt", + arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" }, + { os: "rhel8-1", package: "package-rpm", username: "ec2-user", + installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm", + ami: "cloudwatch-agent-integration-test-rhel8-1", caCertPath: "/etc/ssl/certs/ca-bundle.crt", + arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" }, + { os: "rhel8-2", package: "package-rpm", username: "ec2-user", + installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm", + ami: "cloudwatch-agent-integration-test-rhel8-2", caCertPath: "/etc/ssl/certs/ca-bundle.crt", + arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" }, + { os: "rhel8-3", package: "package-rpm", username: "ec2-user", + installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm", + ami: "cloudwatch-agent-integration-test-rhel8-3", caCertPath: "/etc/ssl/certs/ca-bundle.crt", + arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" }, + { os: "rhel8-4", package: "package-rpm", username: "ec2-user", + installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm", + ami: "cloudwatch-agent-integration-test-rhel8-4", caCertPath: "/etc/ssl/certs/ca-bundle.crt", + arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" }, + { os: "ol8-1", package: "package-rpm", username: "ec2-user", + installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm", + ami: "cloudwatch-agent-integration-test-ol8-1", caCertPath: "/etc/ssl/certs/ca-bundle.crt", + arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" }, + { os: "ol8-2", package: "package-rpm", username: "ec2-user", + installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm", + ami: "cloudwatch-agent-integration-test-ol8-2", caCertPath: "/etc/ssl/certs/ca-bundle.crt", + arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" }, + { os: "o8-3", package: "package-rpm", username: "ec2-user", + installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm", + ami: "cloudwatch-agent-integration-test-ol8-3", caCertPath: "/etc/ssl/certs/ca-bundle.crt", + arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" }, + { os: "ol8-4", package: "package-rpm", username: "ec2-user", + installAgentCommand: "rpm -U ./amazon-cloudwatch-agent.rpm", + ami: "cloudwatch-agent-integration-test-ol8-4", caCertPath: "/etc/ssl/certs/ca-bundle.crt", + arc: "amd64", binaryName: "amazon-cloudwatch-agent.rpm" } ] steps: - uses: actions/checkout@v2 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.TERRAFORM_AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.TERRAFORM_AWS_SECRET_ACCESS_KEY }} + aws-region: us-west-2 + + - name: Cache if success + id: ec2-linux-integration-test + uses: actions/cache@v2 + with: + path: | + RELEASE_NOTES + key: ec2-linux-integration-test-${{ github.sha }}-${{ matrix.arrays.os }} + - name: Echo OS run: echo run on ec2 instance os ${{ matrix.arrays.os }} @@ -44,15 +149,14 @@ jobs: run: terraform --version - name: Terraform init - run: terraform init -var="aws_access_key=${TERRAFORM_AWS_ACCESS_KEY_ID}" -var="aws_secret_access_key=${TERRAFORM_AWS_ACCESS_KEY_ID}" + run: terraform init - name: Terraform apply + if: steps.ec2-linux-integration-test.outputs.cache-hit != 'true' run: > echo run terraform and execute test code && terraform apply --auto-approve -var="ssh_key=${PRIVATE_KEY}" - -var="aws_access_key=${TERRAFORM_AWS_ACCESS_KEY_ID}" - -var="aws_secret_access_key=${TERRAFORM_AWS_SECRET_ACCESS_KEY}" -var="github_repo=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" -var="github_sha=${GITHUB_SHA}" -var="package=${{ matrix.arrays.package }}" @@ -61,11 +165,10 @@ jobs: -var="ami=${{ matrix.arrays.ami }}" -var="ca_cert_path=${{ matrix.arrays.caCertPath }}" -var="arc=${{ matrix.arrays.arc }}" + -var="binary_name=${{ matrix.arrays.binaryName }}" - name: Terraform destroy - if: always() + if: ${{ always() && steps.ec2-linux-integration-test.outputs.cache-hit != 'true' }} run: > terraform destroy --auto-approve - -var="aws_access_key=${TERRAFORM_AWS_ACCESS_KEY_ID}" - -var="aws_secret_access_key=${TERRAFORM_AWS_SECRET_ACCESS_KEY}" -var="ami=${{ matrix.arrays.ami }}" \ No newline at end of file diff --git a/integration/localstack/docker-compose.yml b/integration/localstack/docker-compose.yml index fc2c797b2c..11f51af230 100644 --- a/integration/localstack/docker-compose.yml +++ b/integration/localstack/docker-compose.yml @@ -3,7 +3,9 @@ version: "3.8" services: localstack: container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}" - image: localstack/localstack + # @TODO use latest when this is fixed https://github.com/localstack/localstack/issues/5502 + # Use 0.12.20 since this is last version that worked for now + image: localstack/localstack:0.12.20 network_mode: bridge ports: - "127.0.0.1:53:53" diff --git a/integration/terraform/ec2/linux/README.md b/integration/terraform/ec2/linux/README.md new file mode 100644 index 0000000000..ce8dba6b44 --- /dev/null +++ b/integration/terraform/ec2/linux/README.md @@ -0,0 +1,13 @@ +Instance assumptions + +1. docker + 1. starts on start up + 2. does not require sudo +2. docker-compose +3. golang +4. openssl +5. git +6. make +7. rpm-build (on centos8 based os -rhel8 ol8-) +8. aws-cli +9. CloudWatchAgentServerRole is attached diff --git a/integration/terraform/ec2/linux/centOS8-setup.sh b/integration/terraform/ec2/linux/centOS8-setup.sh new file mode 100644 index 0000000000..db86c30da0 --- /dev/null +++ b/integration/terraform/ec2/linux/centOS8-setup.sh @@ -0,0 +1,22 @@ +# You can use this script to install all required deps for integration testing to a centos8 based linux (rhel8 ol8) +sudo yum install -y yum-utils +sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo +sudo yum install -y git make rpm-build nano docker-ce docker-ce-cli containerd.io wget +sudo systemctl start docker +# sudo groupadd docker on rhel this is already added +sudo usermod -aG docker $USER +newgrp docker +sudo systemctl enable docker.service +sudo systemctl enable containerd.service +sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose +sudo chmod +x /usr/local/bin/docker-compose +sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose +docker-compose --version +wget https://dl.google.com/go/go1.17.linux-amd64.tar.gz +sudo tar -C /usr/local -xzf go1.17.linux-amd64.tar.gz +echo "export PATH=$PATH:/usr/local/go/bin" >> ~/.bashrc +source ~/.bashrc +# assume open ssl is installed by default +curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" +unzip awscliv2.zip +sudo ./aws/install diff --git a/integration/terraform/ec2/linux/main.tf b/integration/terraform/ec2/linux/main.tf index 63d2cfe8b6..1f235ec6bc 100644 --- a/integration/terraform/ec2/linux/main.tf +++ b/integration/terraform/ec2/linux/main.tf @@ -11,8 +11,7 @@ resource "aws_instance" "integration-test" { "git clone ${var.github_repo}", "cd amazon-cloudwatch-agent", "git reset --hard ${var.github_sha}", - "make clean build ${var.package}", - "cd build/bin/linux/${var.arc}", + "aws s3 cp s3://cloudwatch-agent-integration-bucket/integration-test/binary/${var.github_sha}/linux/${var.arc}/${var.binary_name} .", "sudo ${var.install_agent}", "echo set up ssl pem for localstack, then start localstack", "cd ~/amazon-cloudwatch-agent/integration/localstack/ls_tmp", diff --git a/integration/terraform/ec2/linux/providers.tf b/integration/terraform/ec2/linux/providers.tf index 2b19f5d369..19769a7fb3 100644 --- a/integration/terraform/ec2/linux/providers.tf +++ b/integration/terraform/ec2/linux/providers.tf @@ -1,5 +1,3 @@ provider "aws" { - access_key = var.aws_access_key - secret_key = var.aws_secret_access_key region = var.region } \ No newline at end of file diff --git a/integration/terraform/ec2/linux/variables.tf b/integration/terraform/ec2/linux/variables.tf index 8817a8fb51..28b8bdd676 100644 --- a/integration/terraform/ec2/linux/variables.tf +++ b/integration/terraform/ec2/linux/variables.tf @@ -23,14 +23,6 @@ variable "region" { default = "us-west-2" } -variable "aws_access_key" { - type = string -} - -variable "aws_secret_access_key" { - type = string -} - variable "ami" { type = string default = "" @@ -76,4 +68,9 @@ variable "ca_cert_path" { variable "arc" { type = string default = "" +} + +variable "binary_name" { + type = string + default = "" } \ No newline at end of file diff --git a/integration/test/ca_bundle/ca_bundle_test.go b/integration/test/ca_bundle/ca_bundle_test.go index bc8142d6d0..5d85e7c364 100644 --- a/integration/test/ca_bundle/ca_bundle_test.go +++ b/integration/test/ca_bundle/ca_bundle_test.go @@ -42,8 +42,6 @@ func TestBundle(t *testing.T) { {dataInput: "resources/integration/ssl/with/original/bundle", findTarget: true}, //Do not look for ca bundle should not connect thus target string found {dataInput: "resources/integration/ssl/without/bundle", findTarget: true}, - //Do not look for ca bundle should not connect thus target string found - {dataInput: "resources/integration/ssl/without/bundle", findTarget: true}, } for _, parameter := range parameters {