Add integration_test script and buildkite steps

Signed-off-by: Christopher A. Snapp <[email protected]>

.expeditor/integration_test.pipeline.sh

@@ -0,0 +1,232 @@
+#!/usr/bin/env bash
+
+prog='integration_test.pipeline.sh'
+action=
+ret=1
+
+# print command usage
+print_usage () {
+    cat <<EOF
+Usage: $prog [-h] [--help] <command>
+
+Options:
+    -h, --help  display this help and exit
+
+Commands:
+
+    apply       Applies the Terraform scenario configured via environment variables.
+    destroy     Destroys the Terraform scenario based on environment variables.
+
+Environment Variables:
+
+  REQUIRED:
+
+    AWS_CONTACT
+    AWS_DEFAULT_PROFILE
+    AWS_DEFAULT_REGION
+    AWS_DEPARTMENT
+    AWS_SSH_KEY_ID
+    AWS_VPC_NAME
+    ENABLE_IPV6
+    PLATFORM
+    SCENARIO
+
+  OPTIONAL:
+    ACTION
+    BUILD_NUMBER
+EOF
+}
+
+# print error message followed by usage and exit
+error () {
+  local message="$1"
+
+  echo -e "\nERROR: ${message}\n" >&2
+
+  [[ $ret -gt 0 ]] && print_usage >&2
+
+  exit $ret
+}
+
+# process arguments
+for arg in "$@"; do
+  case "$arg" in
+    -h | --help)
+      print_usage
+      exit 0
+      ;;
+    apply)
+      action='apply'
+      ;;
+    destroy)
+      action='destroy'
+      ;;
+  esac
+done
+
+# destroy the terraform scenario
+destroy () {
+  echo "--- Destroying $TERRAFORM_WORKSPACE"
+
+  # set bogus values for destroy
+  export TF_VAR_install_version_url='NULL'
+  export TF_VAR_upgrade_version_url='NULL'
+  export TF_VAR_backend_version_url='NULL'
+
+  terraform destroy -auto-approve || error 'terraform destroy failed! Manual cleanup of resources may be required'
+
+  # set return value if there was no apply during this script run
+  [[ "$action" = 'destroy' ]] && ret=$?
+
+  terraform workspace select default || error 'terraform failed to switch to the "default" workspace!'
+  terraform workspace delete "$TERRAFORM_WORKSPACE" || error "terraform failed to delete the $TERRAFORM_WORKSPACE workspace! Manual cleanup of resources may be required"
+
+  exit $ret
+}
+
+# apply the terraform scenario
+apply () {
+  # verify command dependencies
+  [[ "$(command -v mixlib-install)" ]] || error 'mixlib-install command is not available'
+  [[ "$(command -v vault)" ]] || error 'vault command is not available'
+
+  # ensure terraform destroy is called on exit
+  trap 'destroy;' EXIT INT TERM HUP
+
+  echo "--- Configure SSH key associated with $TF_VAR_aws_ssh_key_id from vault"
+  eval "$(ssh-agent)"
+  # FIXME 20191223 - fix to retrieve ssh key from vault rather than aws s3 bucket
+  mkdir -p ~/.ssh
+  chmod 700 ~/.ssh
+  aws s3 cp s3://chef-cd-citadel/cd-infrastructure-aws ~/.ssh/id_rsa
+  chmod 600 ~/.ssh/id_rsa
+  ssh-add ~/.ssh/id_rsa
+  #vault read -field="ssh_private_key account/static/aws/${TF_VAR_aws_profile}/${TF_VAR_aws_ssh_key_id}" | ssh-add -
+  [[ $(ssh-add -l | wc -l) -gt 0 ]] || error 'ssh-agent does not have any keys loaded!'
+
+  echo '--- Identify product versions and download URLs'
+  [[ -z "$INSTALL_VERSION" ]] && INSTALL_VERSION="$(mixlib-install list-versions chef-server stable | tail -n 1)"
+  export INSTALL_VERSION
+  [[ -z "$UPGRADE_VERSION" ]] && UPGRADE_VERSION="$(mixlib-install list-versions chef-server current | tail -n 1)"
+  export UPGRADE_VERSION
+  [[ -z "$BACKEND_VERSION" ]] && BACKEND_VERSION="$(mixlib-install list-versions chef-backend current | tail -n 1)"
+  export BACKEND_VERSION
+
+  echo '--- Identify product download URLs'
+  TF_VAR_install_version_url=$(for channel in unstable current stable; do mixlib-install download chef-server --url -c $channel -a x86_64 -p "$(sed 's/rhel/el/' <<<"${TF_VAR_platform%-*}")" -l "${TF_VAR_platform##*-}" -v "$INSTALL_VERSION" 2>/dev/null && break; done | head -n 1)
+  export TF_VAR_install_version_url
+  TF_VAR_upgrade_version_url=$(for channel in unstable current stable; do mixlib-install download chef-server --url -c $channel -a x86_64 -p "$(sed 's/rhel/el/' <<<"${TF_VAR_platform%-*}")" -l "${TF_VAR_platform##*-}" -v "$UPGRADE_VERSION" 2>/dev/null && break; done | head -n 1)
+  export TF_VAR_upgrade_version_url
+  TF_VAR_backend_version_url=$(for channel in unstable current stable; do mixlib-install download chef-backend --url -c $channel -a x86_64 -p "$(sed 's/rhel/el/' <<<"${TF_VAR_platform%-*}")" -l "${TF_VAR_platform##*-}" -v "$BACKEND_VERSION" 2>/dev/null && break; done | head -n 1)
+  export TF_VAR_backend_version_url
+
+  echo "--- Execute $TF_VAR_scenario scenario"
+  cat <<EOF
+
+  BEGIN SCENARIO
+
+      Workspace: $TERRAFORM_WORKSPACE
+      Scenario: $TF_VAR_scenario
+      Platform: $TF_VAR_platform
+          IPv6: $TF_VAR_enable_ipv6
+        Install: $INSTALL_VERSION
+    Install URL: $TF_VAR_install_version_url
+        Upgrade: $UPGRADE_VERSION
+    Upgrade URL: $TF_VAR_upgrade_version_url
+        Backend: $BACKEND_VERSION
+    Backend URL: $TF_VAR_backend_version_url
+
+EOF
+
+  # run the terraform scenario
+  terraform apply -auto-approve
+  ret=$?
+
+  cat <<EOF
+
+  END SCENARIO
+
+      Workspace: $TERRAFORM_WORKSPACE
+      Scenario: $TF_VAR_scenario
+        Status: $( [[ "$ret" -eq 0 ]] && echo 'SUCCESS' || echo 'FAIL' )
+
+EOF
+}
+
+echo '--- Verifying environment'
+
+# allow for environment override of action
+case "$ACTION" in
+  apply)
+    action='apply'
+    ;;
+  destroy)
+    action='destroy'
+    ;;
+esac
+
+# verify we have an action set
+[[ -z "$action" ]] && error 'no action provided'
+
+# verify command dependencies
+[[ "$(command -v terraform)" ]] || error 'terraform command is not available'
+
+# verify environment variables
+[[ -z "$BUILDKITE_BUILD_NUMBER" ]] && error 'BUILDKITE_BUILD_NUMBER environment variable is required!'
+[[ -z "$BUILDKITE_LABEL" ]] && error 'BUILDKITE_LABEL environment variable is required!'
+
+# allow for environment override of build number
+[[ -z "$BUILD_NUMBER" ]] && BUILD_NUMBER="${EXPEDITOR_BUILD_NUMBER}"
+[[ -z "$BUILD_NUMBER" ]] && BUILD_NUMBER="${BUILDKITE_BUILD_NUMBER}"
+export BUILD_NUMBER
+
+# identify terraform workspace
+TERRAFORM_WORKSPACE="${BUILD_NUMBER}-${BUILDKITE_LABEL##*: }"
+export TERRAFORM_WORKSPACE
+
+# apply defaults if necessary
+[[ -z "$TF_VAR_build_prefix" ]] && TF_VAR_build_prefix="${BUILD_NUMBER}-"
+export TF_VAR_build_prefix
+[[ -z "$TF_VAR_aws_contact" ]] && TF_VAR_aws_contact="${AWS_CONTACT:-releng}"
+export TF_VAR_aws_contact
+[[ -z "$TF_VAR_aws_department" ]] && TF_VAR_aws_department="${AWS_DEPARTMENT:-EngServ}"
+export TF_VAR_aws_department
+[[ -z "$TF_VAR_aws_profile" ]] && TF_VAR_aws_profile="${AWS_DEFAULT_PROFILE:-chef-cd}"
+export TF_VAR_aws_profile
+[[ -z "$TF_VAR_aws_region" ]] && TF_VAR_aws_region="${AWS_DEFAULT_REGION:-us-west-2}"
+export TF_VAR_aws_region
+[[ -z "$TF_VAR_aws_ssh_key_id" ]] && TF_VAR_aws_ssh_key_id="${AWS_SSH_KEY_ID:-cd-infrastructure}"
+export TF_VAR_aws_ssh_key_id
+[[ -z "$TF_VAR_aws_vpc_name" ]] && TF_VAR_aws_vpc_name="${AWS_VPC_NAME:-releng-chef_server-test}"
+export TF_VAR_aws_vpc_name
+[[ -z "$TF_VAR_enable_ipv6" ]] && TF_VAR_enable_ipv6="${ENABLE_IPV6:-true}"
+export TF_VAR_enable_ipv6
+[[ -z "$TF_VAR_platform" ]] && TF_VAR_platform="${PLATFORM:-ubuntu-18.04}"
+export TF_VAR_platform
+[[ -z "$TF_VAR_scenario" ]] && TF_VAR_scenario="${SCENARIO:-omnibus-standalone-fresh-install}"
+export TF_VAR_scenario
+
+echo "--- Initializing $TERRAFORM_WORKSPACE workspace"
+
+cd "/workdir/terraform/aws/scenarios/${TF_VAR_scenario}" || error "could not find ${TF_VAR_scenario} scenario"
+
+# override terraform backend to use shared consul
+cat > "/workdir/terraform/aws/scenarios/${TF_VAR_scenario}/backend.tf" <<EOF
+terraform {
+  backend "consul" {
+    address = "http://consul.chef.co"
+    scheme  = "https"
+    path    = "terraform/chef-server/test-scenario"
+    gzip    = true
+  }
+}
+EOF
+
+# initialize the terraform scenario
+[[ -d .terraform ]] || terraform init
+
+# switch terraform workspace
+terraform workspace select "$TERRAFORM_WORKSPACE" || terraform workspace new "$TERRAFORM_WORKSPACE"
+
+# execute desired action
+eval "$action"

.expeditor/integration_test.pipeline.yml

@@ -5,3 +5,69 @@ expeditor:
       timeout_in_minutes: 90
 
 steps:
+
+- label: ':terraform: omnibus-chef-backend-ipv4'
+  command: .expeditor/integration_test.pipeline.sh apply
+  env:
+    SCENARIO: omnibus-chef-backend
+    ENABLE_IPV6: false
+  expeditor:
+    accounts:
+      - aws/chef-cd
+    executor:
+      docker:
+
+- label: ':terraform: omnibus-standalone-upgrade-ipv4'
+  command: .expeditor/integration_test.pipeline.sh apply
+  env:
+    SCENARIO: omnibus-standalone-upgrade
+    ENABLE_IPV6: false
+  expeditor:
+    accounts:
+      - aws/chef-cd
+    executor:
+      docker:
+
+- label: ':terraform: omnibus-tiered-fresh-install-ipv4'
+  command: .expeditor/integration_test.pipeline.sh apply
+  env:
+    SCENARIO: omnibus-tiered-fresh-install
+    ENABLE_IPV6: false
+  expeditor:
+    accounts:
+      - aws/chef-cd
+    executor:
+      docker:
+
+- label: ':terraform: omnibus-tiered-fresh-install-ipv6'
+  command: .expeditor/integration_test.pipeline.sh apply
+  env:
+    SCENARIO: omnibus-tiered-fresh-install
+    ENABLE_IPV6: true
+  expeditor:
+    accounts:
+      - aws/chef-cd
+    executor:
+      docker:
+
+- label: ':terraform: omnibus-tiered-upgrade-ipv4'
+  command: .expeditor/integration_test.pipeline.sh apply
+  env:
+    SCENARIO: omnibus-tiered-upgrade
+    ENABLE_IPV6: false
+  expeditor:
+    accounts:
+      - aws/chef-cd
+    executor:
+      docker:
+
+- label: ':terraform: omnibus-tiered-upgrade-ipv6'
+  command: .expeditor/integration_test.pipeline.sh apply
+  env:
+    SCENARIO: omnibus-tiered-upgrade
+    ENABLE_IPV6: true
+  expeditor:
+    accounts:
+      - aws/chef-cd
+    executor:
+      docker: