From 0005376f411e4e39840913d6a6e4a159cd496dc0 Mon Sep 17 00:00:00 2001 From: "Christopher A. Snapp" Date: Tue, 19 Nov 2019 10:16:41 -0700 Subject: [PATCH 1/2] Rename terraform standalone upgrade scenario Signed-off-by: Christopher A. Snapp --- terraform/aws/README.md | 2 +- .../README.md | 2 +- .../files/chef-server.rb | 0 .../files/dhparam.pem | 0 .../main.tf | 0 .../variables.tf | 0 6 files changed, 2 insertions(+), 2 deletions(-) rename terraform/aws/scenarios/{omnibus-standalone-upgrade-from-stable => omnibus-standalone-upgrade}/README.md (91%) rename terraform/aws/scenarios/{omnibus-standalone-upgrade-from-stable => omnibus-standalone-upgrade}/files/chef-server.rb (100%) rename terraform/aws/scenarios/{omnibus-standalone-upgrade-from-stable => omnibus-standalone-upgrade}/files/dhparam.pem (100%) rename terraform/aws/scenarios/{omnibus-standalone-upgrade-from-stable => omnibus-standalone-upgrade}/main.tf (100%) rename terraform/aws/scenarios/{omnibus-standalone-upgrade-from-stable => omnibus-standalone-upgrade}/variables.tf (100%) diff --git a/terraform/aws/README.md b/terraform/aws/README.md index 3a12c543be..71ca794760 100644 --- a/terraform/aws/README.md +++ b/terraform/aws/README.md @@ -87,5 +87,5 @@ To destroy all active scenarios you may run either the `make destroy-all` or `ma ## Adding a new Scenario 1. Duplicate an existing scenario directory that is similar to the one you desire. For example, if you wanted to add a - `omnibus-tiered-upgrade-from-stable`, you could start with the `omnibus-tiered-fresh-install` scenario file. + `omnibus-tiered-upgrade`, you could start with the `omnibus-tiered-fresh-install` scenario file. 2. Update the `main.tf` file to reflect the scenario name as well as any additional test changes you require. 
diff --git a/terraform/aws/scenarios/omnibus-standalone-upgrade-from-stable/README.md b/terraform/aws/scenarios/omnibus-standalone-upgrade/README.md similarity index 91% rename from terraform/aws/scenarios/omnibus-standalone-upgrade-from-stable/README.md rename to terraform/aws/scenarios/omnibus-standalone-upgrade/README.md index 99e188f23c..6b699cabd4 100644 --- a/terraform/aws/scenarios/omnibus-standalone-upgrade-from-stable/README.md +++ b/terraform/aws/scenarios/omnibus-standalone-upgrade/README.md @@ -1,4 +1,4 @@ -# Omnibus Standalone Upgrade From Stable +# Omnibus Standalone Upgrade This directory contains the Terraform code used to instantiate a single Chef Infra Server utilizing Omnibus built artifacts as the install and upgrade packages. diff --git a/terraform/aws/scenarios/omnibus-standalone-upgrade-from-stable/files/chef-server.rb b/terraform/aws/scenarios/omnibus-standalone-upgrade/files/chef-server.rb similarity index 100% rename from terraform/aws/scenarios/omnibus-standalone-upgrade-from-stable/files/chef-server.rb rename to terraform/aws/scenarios/omnibus-standalone-upgrade/files/chef-server.rb diff --git a/terraform/aws/scenarios/omnibus-standalone-upgrade-from-stable/files/dhparam.pem b/terraform/aws/scenarios/omnibus-standalone-upgrade/files/dhparam.pem similarity index 100% rename from terraform/aws/scenarios/omnibus-standalone-upgrade-from-stable/files/dhparam.pem rename to terraform/aws/scenarios/omnibus-standalone-upgrade/files/dhparam.pem diff --git a/terraform/aws/scenarios/omnibus-standalone-upgrade-from-stable/main.tf b/terraform/aws/scenarios/omnibus-standalone-upgrade/main.tf similarity index 100% rename from terraform/aws/scenarios/omnibus-standalone-upgrade-from-stable/main.tf rename to terraform/aws/scenarios/omnibus-standalone-upgrade/main.tf 
diff --git a/terraform/aws/scenarios/omnibus-standalone-upgrade-from-stable/variables.tf b/terraform/aws/scenarios/omnibus-standalone-upgrade/variables.tf similarity index 100% rename from terraform/aws/scenarios/omnibus-standalone-upgrade-from-stable/variables.tf rename to terraform/aws/scenarios/omnibus-standalone-upgrade/variables.tf From 0bcd8170a47132c202f66339f858dc773162828d Mon Sep 17 00:00:00 2001 From: "Christopher A. Snapp" Date: Tue, 19 Nov 2019 12:34:50 -0700 Subject: [PATCH 2/2] Add a scenario to test chef-server tiered upgrade Signed-off-by: Christopher A. Snapp --- .../omnibus-tiered-upgrade/README.md | 7 + .../omnibus-tiered-upgrade/files/dhparam.pem | 8 + .../scenarios/omnibus-tiered-upgrade/main.tf | 223 ++++++++++++++++++ .../templates/chef-server.rb.tpl | 27 +++ .../templates/hosts.tpl | 13 + .../omnibus-tiered-upgrade/variables.tf | 69 ++++++ 6 files changed, 347 insertions(+) create mode 100644 terraform/aws/scenarios/omnibus-tiered-upgrade/README.md create mode 100644 terraform/aws/scenarios/omnibus-tiered-upgrade/files/dhparam.pem create mode 100644 terraform/aws/scenarios/omnibus-tiered-upgrade/main.tf create mode 100644 terraform/aws/scenarios/omnibus-tiered-upgrade/templates/chef-server.rb.tpl create mode 100644 terraform/aws/scenarios/omnibus-tiered-upgrade/templates/hosts.tpl create mode 100644 terraform/aws/scenarios/omnibus-tiered-upgrade/variables.tf diff --git a/terraform/aws/scenarios/omnibus-tiered-upgrade/README.md b/terraform/aws/scenarios/omnibus-tiered-upgrade/README.md new file mode 100644 index 0000000000..62c9750185 --- /dev/null +++ b/terraform/aws/scenarios/omnibus-tiered-upgrade/README.md 
@@ -0,0 +1,7 @@
+# Omnibus Tiered Upgrade
+
+This directory contains the Terraform code used to instantiate a "back-end" Chef Infra Server followed by a "front-end" Chef Infra Server utilizing an Omnibus built artifact downloaded from `$install_version_url`.
+
+Both servers receive a `/etc/opscode/chef-server.rb` configuration file that is setup with the "tier" topology.
+
+Once both servers are installed and configured the servers are then upgraded using the artifact downloaded from `$upgrade_version_url` before the pedant tests are run against the front-end.
diff --git a/terraform/aws/scenarios/omnibus-tiered-upgrade/files/dhparam.pem b/terraform/aws/scenarios/omnibus-tiered-upgrade/files/dhparam.pem
new file mode 100644
index 0000000000..29b55b63c5
--- /dev/null
+++ b/terraform/aws/scenarios/omnibus-tiered-upgrade/files/dhparam.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAtAvx3pUHBNcK2nD58nPPlKtJzZvrFCyKEn9BSn16/BmFwBhL8rh4
++fkrnLflZ/k9wJjiUkU0DCi+Fy6DUohPHOmmT0BiuwgsDZAFDyTj0PeZKINpbHnQ
+EbZENzWo5s5hsb1zVxIMEtTMRrigdHM3FQupFbzOHxonkO0JlocarOJBHGX+Crjp
+y/8SReCpC71R+Vl6d4+Dw6GFdL+6k6W558dPfq3UeV8HPWQEaM7/jXDUKJZ0tB6a
+1csrekkz3gBFlSjSxececRVn8bm5dTfc86rIWJWeWQVLYdBFT6zi43AvF+nLYKYh
++oVnVrhWgOLYvEKX311d9SaqcdrXVFscYwIBAg==
+-----END DH PARAMETERS-----
diff --git a/terraform/aws/scenarios/omnibus-tiered-upgrade/main.tf b/terraform/aws/scenarios/omnibus-tiered-upgrade/main.tf
new file mode 100644
index 0000000000..80af09d33b
--- /dev/null
+++ b/terraform/aws/scenarios/omnibus-tiered-upgrade/main.tf
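Review bot: The new `files/dhparam.pem` in this scenario does not appear to be used, because the `file` provisioner in the accompanying `main.tf` uploads `${path.module}/../../../common/files/dhparam.pem` instead. Either point that provisioner at `${path.module}/files/dhparam.pem` or drop this copy, so there is a single place to replace the parameters. DH parameters are public values, so committing them does not leak a secret, but a line in the scenario README stating that they are test-only parameters would help anyone who copies the scenario as a starting point.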
@@ -0,0 +1,223 @@ +module "back_end" { + source = "../../modules/aws_instance" + + aws_profile = "${var.aws_profile}" + aws_region = "${var.aws_region}" + aws_vpc_name = "${var.aws_vpc_name}" + aws_department = "${var.aws_department}" + aws_contact = "${var.aws_contact}" + aws_ssh_key_id = "${var.aws_ssh_key_id}" + aws_instance_type = "${var.aws_instance_type}" + enable_ipv6 = "${var.enable_ipv6}" + platform = "${var.platform}" + name = "backend-${var.scenario}-${var.enable_ipv6 ? "ipv6" : "ipv4"}-${var.platform}" +} + +module "front_end" { + source = "../../modules/aws_instance" + + aws_profile = "${var.aws_profile}" + aws_region = "${var.aws_region}" + aws_vpc_name = "${var.aws_vpc_name}" + aws_department = "${var.aws_department}" + aws_contact = "${var.aws_contact}" + aws_ssh_key_id = "${var.aws_ssh_key_id}" + aws_instance_type = "${var.aws_instance_type}" + enable_ipv6 = "${var.enable_ipv6}" + platform = "${var.platform}" + name = "frontend-${var.scenario}-${var.enable_ipv6 ? "ipv6" : "ipv4"}-${var.platform}" +} + +# generate static hosts configuration +data "template_file" "hosts_config" { + template = "${file("${path.module}/templates/hosts.tpl")}" + + vars { + back_end_ip = "${var.enable_ipv6 == true ? module.back_end.public_ipv6_address : module.back_end.private_ipv4_address}" + front_end_ip = "${var.enable_ipv6 == true ? module.front_end.public_ipv6_address : module.front_end.private_ipv4_address}" + } +} + +# generate chef-server.rb configuration +data "template_file" "chef_server_config" { + template = "${file("${path.module}/templates/chef-server.rb.tpl")}" + + vars { + enable_ipv6 = "${var.enable_ipv6}" + back_end_ip = "${var.enable_ipv6 == "true" ? module.back_end.public_ipv6_address : module.back_end.private_ipv4_address}" + front_end_ip = "${var.enable_ipv6 == "true" ? module.front_end.public_ipv6_address : module.front_end.private_ipv4_address}" + cidr = "${var.enable_ipv6 == "true" ? 
64 : 32}" + } +} + +# update back-end chef server +resource "null_resource" "back_end_config" { + # provide some connection info + connection { + type = "ssh" + user = "${module.back_end.ssh_username}" + host = "${module.back_end.public_ipv4_dns}" + } + + provisioner "file" { + content = "${data.template_file.hosts_config.rendered}" + destination = "/tmp/hosts" + } + + provisioner "file" { + content = "${data.template_file.chef_server_config.rendered}" + destination = "/tmp/chef-server.rb" + } + + provisioner "file" { + source = "${path.module}/../../../common/files/dhparam.pem" + destination = "/tmp/dhparam.pem" + } + + # install chef-server + provisioner "remote-exec" { + inline = [ + "set -evx", + "echo -e '\nBEGIN INSTALL CHEF SERVER (BACK-END)\n'", + "curl -vo /tmp/${replace(var.install_version_url, "/^.*\\//", "")} ${var.install_version_url}", + "sudo ${replace(var.install_version_url, "rpm", "") != var.install_version_url ? "rpm -U" : "dpkg -iEG"} /tmp/${replace(var.install_version_url, "/^.*\\//", "")}", + "sudo chown root:root /tmp/chef-server.rb", + "sudo chown root:root /tmp/dhparam.pem", + "sudo chown root:root /tmp/hosts", + "sudo mv /tmp/chef-server.rb /etc/opscode", + "sudo mv /tmp/dhparam.pem /etc/opscode", + "sudo mv /tmp/hosts /etc/hosts", + "sudo chef-server-ctl reconfigure --chef-license=accept", + "sleep 30", + "echo -e '\nEND INSTALL CHEF SERVER (BACK-END)\n'", + ] + } + + # add user + organization + provisioner "remote-exec" { + script = "${path.module}/../../../common/files/add_user.sh" + } + + # copy configuration to front-end + provisioner "remote-exec" { + inline = [ + "set -evx", + "echo -e '\nBEGIN COPY CONFIGURATION TO FRONT-END\n'", + "sudo tar -C /etc -czf /tmp/opscode.tgz opscode", + "scp -o 'UserKnownHostsFile=/dev/null' -o 'StrictHostKeyChecking=no' /tmp/opscode.tgz ${module.back_end.ssh_username}@${module.front_end.public_ipv4_dns}:/tmp", + "echo -e '\nEND COPY CONFIGURATION TO FRONT-END\n'", + ] + } +} + +# update front-end chef 
server +resource "null_resource" "front_end_config" { + depends_on = ["null_resource.back_end_config"] + + # provide some connection info + connection { + type = "ssh" + user = "${module.front_end.ssh_username}" + host = "${module.front_end.public_ipv4_dns}" + } + + provisioner "file" { + content = "${data.template_file.hosts_config.rendered}" + destination = "/tmp/hosts" + } + + # install chef-server + provisioner "remote-exec" { + inline = [ + "set -evx", + "echo -e '\nBEGIN INSTALL CHEF SERVER (FRONT-END)\n'", + "sudo chown root:root /tmp/hosts", + "sudo mv /tmp/hosts /etc/hosts", + "sudo tar -C /etc -xzf /tmp/opscode.tgz", + "curl -vo /tmp/${replace(var.install_version_url, "/^.*\\//", "")} ${var.install_version_url}", + "sudo ${replace(var.install_version_url, "rpm", "") != var.install_version_url ? "rpm -U" : "dpkg -iEG"} /tmp/${replace(var.install_version_url, "/^.*\\//", "")}", + "sudo chef-server-ctl reconfigure --chef-license=accept", + "sleep 120", + "echo -e '\nEND INSTALL CHEF SERVER (FRONT-END)\n'", + ] + } +} + +# upgrade back-end chef server +resource "null_resource" "back_end_upgrade" { + depends_on = ["null_resource.front_end_config"] + + # provide some connection info + connection { + type = "ssh" + user = "${module.back_end.ssh_username}" + host = "${module.back_end.public_ipv4_dns}" + } + + # upgrade chef-server + provisioner "remote-exec" { + inline = [ + "set -evx", + "echo -e '\nBEGIN UPGRADE CHEF SERVER (BACK-END)\n'", + "curl -vo /tmp/${replace(var.upgrade_version_url, "/^.*\\//", "")} ${var.upgrade_version_url}", + "sudo ${replace(var.upgrade_version_url, "rpm", "") != var.upgrade_version_url ? 
"rpm -U" : "dpkg -iEG"} /tmp/${replace(var.upgrade_version_url, "/^.*\\//", "")}", + "sudo CHEF_LICENSE='accept' chef-server-ctl upgrade", + "sudo chef-server-ctl start", + "sudo chef-server-ctl cleanup", + "sleep 120", + "echo -e '\nEND UPGRADE CHEF SERVER (BACK-END)\n'", + ] + } +} + +# upgrade front-end chef server +resource "null_resource" "front_end_upgrade" { + depends_on = ["null_resource.back_end_upgrade"] + + # provide some connection info + connection { + type = "ssh" + user = "${module.front_end.ssh_username}" + host = "${module.front_end.public_ipv4_dns}" + } + + # upgrade chef-server + provisioner "remote-exec" { + inline = [ + "set -evx", + "echo -e '\nBEGIN UPGRADE CHEF SERVER (FRONT-END)\n'", + "curl -vo /tmp/${replace(var.upgrade_version_url, "/^.*\\//", "")} ${var.upgrade_version_url}", + "sudo ${replace(var.upgrade_version_url, "rpm", "") != var.upgrade_version_url ? "rpm -U" : "dpkg -iEG"} /tmp/${replace(var.upgrade_version_url, "/^.*\\//", "")}", + "sudo CHEF_LICENSE='accept' chef-server-ctl upgrade", + "sudo chef-server-ctl start", + "sudo chef-server-ctl cleanup", + "sleep 30", + "echo -e '\nEND UPGRADE CHEF SERVER (FRONT-END)\n'", + ] + } + + # run smoke test + provisioner "remote-exec" { + script = "${path.module}/../../../common/files/test_chef_server-smoke.sh" + } + + # install push jobs addon + provisioner "remote-exec" { + script = "${path.module}/../../../common/files/install_addon_push_jobs.sh" + } + + # test push jobs addon + provisioner "remote-exec" { + script = "${path.module}/../../../common/files/test_addon_push_jobs.sh" + } + + # install chef manage addon + provisioner "remote-exec" { + script = "${path.module}/../../../common/files/install_addon_chef_manage.sh" + } + + # run pedant test + provisioner "remote-exec" { + script = "${path.module}/../../../common/files/test_chef_server-pedant.sh" + } +} 
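Review bot: The `scp` step in `back_end_config` sends a tarball of all of `/etc/opscode` to the front-end with `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, so the receiving host is never authenticated, and `/tmp/opscode.tgz` is left behind on both machines. That directory presumably holds the server's keys and generated secrets, and since the unprivileged SSH user has to read the archive to copy it, it is likely readable by other local users too. I would delete the archive on both sides once it has been used, e.g. `"sudo rm -f /tmp/opscode.tgz",` after the `scp` line and after the `tar -C /etc -xzf` line in `front_end_config`, and add a comment above the `scp` such as `# host key checking is disabled only because these are throwaway test instances`. Separately, the `curl -vo ... ${var.install_version_url}` and `${var.upgrade_version_url}` steps in all four resources install the downloaded package as root with no checksum or signature check and interpolate the URL unquoted into the shell line; single-quoting the URL and comparing the file against a published SHA-256 before `rpm -U`/`dpkg -iEG` would close both gaps.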
diff --git a/terraform/aws/scenarios/omnibus-tiered-upgrade/templates/chef-server.rb.tpl b/terraform/aws/scenarios/omnibus-tiered-upgrade/templates/chef-server.rb.tpl
new file mode 100644
index 0000000000..ccad858d74
--- /dev/null
+++ b/terraform/aws/scenarios/omnibus-tiered-upgrade/templates/chef-server.rb.tpl
@@ -0,0 +1,27 @@
+topology = "tier"
+
+server "backend.internal",
+ :ipaddress => "${back_end_ip}/${cidr}",
+ :role => "backend",
+ :bootstrap => true
+
+backend_vip "backend.internal",
+ :ipaddress => "${back_end_ip}/${cidr}"
+
+server "frontend.internal",
+ :ipaddress => "${front_end_ip}/${cidr}",
+ :role => "frontend"
+
+api_fqdn = "frontend.internal"
+
+opscode_erchef['keygen_start_size'] = 30
+
+opscode_erchef['keygen_cache_size'] = 60
+
+nginx['ssl_dhparam'] = '/etc/opscode/dhparam.pem'
+
+insecure_addon_compat = false
+
+data_collector['token'] = 'foobar'
+
+nginx['enable_ipv6'] = ${enable_ipv6}
diff --git a/terraform/aws/scenarios/omnibus-tiered-upgrade/templates/hosts.tpl b/terraform/aws/scenarios/omnibus-tiered-upgrade/templates/hosts.tpl
new file mode 100644
index 0000000000..b38420a7cc
--- /dev/null
+++ b/terraform/aws/scenarios/omnibus-tiered-upgrade/templates/hosts.tpl
@@ -0,0 +1,13 @@
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+
+# The following lines are desirable for IPv6 capable hosts
+::1 localhost.localdomain localhost6 localhost6.localdomain6 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+
+${back_end_ip} backend.internal
+
+${front_end_ip} frontend.internal
diff --git a/terraform/aws/scenarios/omnibus-tiered-upgrade/variables.tf b/terraform/aws/scenarios/omnibus-tiered-upgrade/variables.tf
new file mode 100644
index 0000000000..9a30336be9
--- /dev/null
+++ b/terraform/aws/scenarios/omnibus-tiered-upgrade/variables.tf
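Review bot: `topology = "tier"`, `api_fqdn = "frontend.internal"` and `insecure_addon_compat = false` are written as assignments, which in a `chef-server.rb` evaluated as a Ruby DSL would only create local variables and leave the settings at their defaults; this is worth confirming on a reconfigured node. If that is the case, neither the tier topology nor the `insecure_addon_compat` hardening is actually applied, and the call forms would be `topology "tier"`, `api_fqdn "frontend.internal"` and `insecure_addon_compat false`. The `data_collector['token'] = 'foobar'` value is fine as a test placeholder, but a comment above it such as `# test-only token, never reuse outside CI` would stop it being copied into a real configuration.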
@@ -0,0 +1,69 @@
+#########################################################################
+# AWS
+#########################################################################
+variable "aws_profile" {
+ type = "string"
+ description = "Name of the AWS profile used for authentication (e.g. chef-engineering)."
+ default = "chef-engineering"
+}
+
+variable "aws_region" {
+ type = "string"
+ description = "Name of the AWS region to create instances in (e.g. us-west-2)."
+ default = "us-west-1"
+}
+
+variable "aws_vpc_name" {
+ type = "string"
+ description = "Name of the AWS virtual private cloud where tests will be run."
+ default = ""
+}
+
+variable "aws_department" {
+ type = "string"
+ description = "Department that owns the resources should be one of: EngServ, Operations, Eng, Training, Solutions, Sales, BD, Success or Partner"
+}
+
+variable "aws_contact" {
+ type = "string"
+ description = "The primary contact for the resources, this should be the IAM username and must be able to receive email by appending @chef.io to it (this person can explain what/why, might not be the business owner)."
+}
+
+variable "aws_ssh_key_id" {
+ type = "string"
+ description = "AWS ID of the SSH key used to access the instance (e.g. csnapp)."
+}
+
+variable "aws_instance_type" {
+ type = "string"
+ description = "Name of the AWS instance type used to determine size of instances (e.g. t2.medium)."
+ default = "t2.medium"
+}
+
+variable "platform" {
+ type = "string"
+ description = "Operating System of the instance to be created."
+}
+
+#########################################################################
+# Chef Server
+#########################################################################
+variable "scenario" {
+ type = "string"
+ description = "The name of the scenario being executed."
+}
+
+variable "install_version_url" {
+ type = "string"
+ description = "The URL to a chef-server used during initial install."
+}
+
+variable "upgrade_version_url" {
+ type = "string"
+ description = "The URL to a chef-server artifact used during upgrades."
+}
+
+variable "enable_ipv6" {
+ type = "string"
+ description = "Use IPv6 in the chef-server.rb config and /etc/hosts."
+}
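Review bot: `install_version_url` and `upgrade_version_url` are free-form strings that `main.tf` pastes directly into `curl` and `rpm`/`dpkg` command lines run with `sudo`, yet their descriptions do not say the values must come from a trusted source. I would state that in the descriptions, e.g. `description = "HTTPS URL of the trusted chef-server artifact (.rpm or .deb) used during initial install."`, which also restores the word "artifact" that the install description dropped. The `aws_region` description gives `us-west-2` as its example while the default is `us-west-1`; aligning the two avoids confusion about where instances are created.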