Add a scenario to test chef-server tiered upgrade

terraform/aws/README.md

@@ -87,5 +87,5 @@ To destroy all active scenarios you may run either the `make destroy-all` or `ma
 ## Adding a new Scenario
 
 1. Duplicate an existing scenario directory that is similar to the one you desire. For example, if you wanted to add a
-   `omnibus-tiered-upgrade-from-stable`, you could start with the `omnibus-tiered-fresh-install` scenario file.   
+   `omnibus-tiered-upgrade`, you could start with the `omnibus-tiered-fresh-install` scenario file.   
 2. Update the `main.tf` file to reflect the scenario name as well as any additional test changes you require.

terraform/aws/scenarios/omnibus-standalone-upgrade-from-stable/README.md → terraform/aws/scenarios/omnibus-standalone-upgrade/README.md

@@ -1,4 +1,4 @@
-# Omnibus Standalone Upgrade From Stable
+# Omnibus Standalone Upgrade
 
 This directory contains the Terraform code used to instantiate a single Chef Infra Server utilizing Omnibus built artifacts as the install and upgrade packages.
 

terraform/aws/scenarios/omnibus-tiered-upgrade/README.md

@@ -0,0 +1,7 @@
+# Omnibus Tiered Upgrade
+
+This directory contains the Terraform code used to instantiate a "back-end" Chef Infra Server followed by a "front-end" Chef Infra Server utilizing an Omnibus built artifact downloaded from `$install_version_url`.
+
+Both servers receive a `/etc/opscode/chef-server.rb` configuration file that is setup with the "tier" topology.
+
+Once both servers are installed and configured the servers are then upgraded using the artifact downloaded from `$upgrade_version_url` before the pedant tests are run against the front-end.

terraform/aws/scenarios/omnibus-tiered-upgrade/files/dhparam.pem

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAtAvx3pUHBNcK2nD58nPPlKtJzZvrFCyKEn9BSn16/BmFwBhL8rh4
++fkrnLflZ/k9wJjiUkU0DCi+Fy6DUohPHOmmT0BiuwgsDZAFDyTj0PeZKINpbHnQ
+EbZENzWo5s5hsb1zVxIMEtTMRrigdHM3FQupFbzOHxonkO0JlocarOJBHGX+Crjp
+y/8SReCpC71R+Vl6d4+Dw6GFdL+6k6W558dPfq3UeV8HPWQEaM7/jXDUKJZ0tB6a
+1csrekkz3gBFlSjSxececRVn8bm5dTfc86rIWJWeWQVLYdBFT6zi43AvF+nLYKYh
++oVnVrhWgOLYvEKX311d9SaqcdrXVFscYwIBAg==
+-----END DH PARAMETERS-----

terraform/aws/scenarios/omnibus-tiered-upgrade/main.tf

@@ -0,0 +1,223 @@
+module "back_end" {
+  source = "../../modules/aws_instance"
+
+  aws_profile       = "${var.aws_profile}"
+  aws_region        = "${var.aws_region}"
+  aws_vpc_name      = "${var.aws_vpc_name}"
+  aws_department    = "${var.aws_department}"
+  aws_contact       = "${var.aws_contact}"
+  aws_ssh_key_id    = "${var.aws_ssh_key_id}"
+  aws_instance_type = "${var.aws_instance_type}"
+  enable_ipv6       = "${var.enable_ipv6}"
+  platform          = "${var.platform}"
+  name              = "backend-${var.scenario}-${var.enable_ipv6 ? "ipv6" : "ipv4"}-${var.platform}"
+}
+
+module "front_end" {
+  source = "../../modules/aws_instance"
+
+  aws_profile       = "${var.aws_profile}"
+  aws_region        = "${var.aws_region}"
+  aws_vpc_name      = "${var.aws_vpc_name}"
+  aws_department    = "${var.aws_department}"
+  aws_contact       = "${var.aws_contact}"
+  aws_ssh_key_id    = "${var.aws_ssh_key_id}"
+  aws_instance_type = "${var.aws_instance_type}"
+  enable_ipv6       = "${var.enable_ipv6}"
+  platform          = "${var.platform}"
+  name              = "frontend-${var.scenario}-${var.enable_ipv6 ? "ipv6" : "ipv4"}-${var.platform}"
+}
+
+# generate static hosts configuration
+data "template_file" "hosts_config" {
+  template = "${file("${path.module}/templates/hosts.tpl")}"
+
+  vars {
+    back_end_ip  = "${var.enable_ipv6 == true ? module.back_end.public_ipv6_address : module.back_end.private_ipv4_address}"
+    front_end_ip = "${var.enable_ipv6 == true ? module.front_end.public_ipv6_address : module.front_end.private_ipv4_address}"
+  }
+}
+
+# generate chef-server.rb configuration
+data "template_file" "chef_server_config" {
+  template = "${file("${path.module}/templates/chef-server.rb.tpl")}"
+
+  vars {
+    enable_ipv6  = "${var.enable_ipv6}"
+    back_end_ip  = "${var.enable_ipv6 == "true" ? module.back_end.public_ipv6_address : module.back_end.private_ipv4_address}"
+    front_end_ip = "${var.enable_ipv6 == "true" ? module.front_end.public_ipv6_address : module.front_end.private_ipv4_address}"
+    cidr         = "${var.enable_ipv6 == "true" ? 64 : 32}"
+  }
+}
+
+# update back-end chef server
+resource "null_resource" "back_end_config" {
+  # provide some connection info
+  connection {
+    type = "ssh"
+    user = "${module.back_end.ssh_username}"
+    host = "${module.back_end.public_ipv4_dns}"
+  }
+
+  provisioner "file" {
+    content     = "${data.template_file.hosts_config.rendered}"
+    destination = "/tmp/hosts"
+  }
+
+  provisioner "file" {
+    content     = "${data.template_file.chef_server_config.rendered}"
+    destination = "/tmp/chef-server.rb"
+  }
+
+  provisioner "file" {
+    source      = "${path.module}/../../../common/files/dhparam.pem"
+    destination = "/tmp/dhparam.pem"
+  }
+
+  # install chef-server
+  provisioner "remote-exec" {
+    inline = [
+      "set -evx",
+      "echo -e '\nBEGIN INSTALL CHEF SERVER (BACK-END)\n'",
+      "curl -vo /tmp/${replace(var.install_version_url, "/^.*\\//", "")} ${var.install_version_url}",
+      "sudo ${replace(var.install_version_url, "rpm", "") != var.install_version_url ? "rpm -U" : "dpkg -iEG"} /tmp/${replace(var.install_version_url, "/^.*\\//", "")}",
+      "sudo chown root:root /tmp/chef-server.rb",
+      "sudo chown root:root /tmp/dhparam.pem",
+      "sudo chown root:root /tmp/hosts",
+      "sudo mv /tmp/chef-server.rb /etc/opscode",
+      "sudo mv /tmp/dhparam.pem /etc/opscode",
+      "sudo mv /tmp/hosts /etc/hosts",
+      "sudo chef-server-ctl reconfigure --chef-license=accept",
+      "sleep 30",
+      "echo -e '\nEND INSTALL CHEF SERVER (BACK-END)\n'",
+    ]
+  }
+
+  # add user + organization
+  provisioner "remote-exec" {
+    script = "${path.module}/../../../common/files/add_user.sh"
+  }
+
+  # copy configuration to front-end
+  provisioner "remote-exec" {
+    inline = [
+      "set -evx",
+      "echo -e '\nBEGIN COPY CONFIGURATION TO FRONT-END\n'",
+      "sudo tar -C /etc -czf /tmp/opscode.tgz opscode",
+      "scp -o 'UserKnownHostsFile=/dev/null' -o 'StrictHostKeyChecking=no' /tmp/opscode.tgz ${module.back_end.ssh_username}@${module.front_end.public_ipv4_dns}:/tmp",
+      "echo -e '\nEND COPY CONFIGURATION TO FRONT-END\n'",
+    ]
+  }
+}
+
+# update front-end chef server
+resource "null_resource" "front_end_config" {
+  depends_on = ["null_resource.back_end_config"]
+
+  # provide some connection info
+  connection {
+    type = "ssh"
+    user = "${module.front_end.ssh_username}"
+    host = "${module.front_end.public_ipv4_dns}"
+  }
+
+  provisioner "file" {
+    content     = "${data.template_file.hosts_config.rendered}"
+    destination = "/tmp/hosts"
+  }
+
+  # install chef-server
+  provisioner "remote-exec" {
+    inline = [
+      "set -evx",
+      "echo -e '\nBEGIN INSTALL CHEF SERVER (FRONT-END)\n'",
+      "sudo chown root:root /tmp/hosts",
+      "sudo mv /tmp/hosts /etc/hosts",
+      "sudo tar -C /etc -xzf /tmp/opscode.tgz",
+      "curl -vo /tmp/${replace(var.install_version_url, "/^.*\\//", "")} ${var.install_version_url}",
+      "sudo ${replace(var.install_version_url, "rpm", "") != var.install_version_url ? "rpm -U" : "dpkg -iEG"} /tmp/${replace(var.install_version_url, "/^.*\\//", "")}",
+      "sudo chef-server-ctl reconfigure --chef-license=accept",
+      "sleep 120",
+      "echo -e '\nEND INSTALL CHEF SERVER (FRONT-END)\n'",
+    ]
+  }
+}
+
+# upgrade back-end chef server
+resource "null_resource" "back_end_upgrade" {
+  depends_on = ["null_resource.front_end_config"]
+
+  # provide some connection info
+  connection {
+    type = "ssh"
+    user = "${module.back_end.ssh_username}"
+    host = "${module.back_end.public_ipv4_dns}"
+  }
+
+  # upgrade chef-server
+  provisioner "remote-exec" {
+    inline = [
+      "set -evx",
+      "echo -e '\nBEGIN UPGRADE CHEF SERVER (BACK-END)\n'",
+      "curl -vo /tmp/${replace(var.upgrade_version_url, "/^.*\\//", "")} ${var.upgrade_version_url}",
+      "sudo ${replace(var.upgrade_version_url, "rpm", "") != var.upgrade_version_url ? "rpm -U" : "dpkg -iEG"} /tmp/${replace(var.upgrade_version_url, "/^.*\\//", "")}",
+      "sudo CHEF_LICENSE='accept' chef-server-ctl upgrade",
+      "sudo chef-server-ctl start",
+      "sudo chef-server-ctl cleanup",
+      "sleep 120",
+      "echo -e '\nEND UPGRADE CHEF SERVER (BACK-END)\n'",
+    ]
+  }
+}
+
+# upgrade front-end chef server
+resource "null_resource" "front_end_upgrade" {
+  depends_on = ["null_resource.back_end_upgrade"]
+
+  # provide some connection info
+  connection {
+    type = "ssh"
+    user = "${module.front_end.ssh_username}"
+    host = "${module.front_end.public_ipv4_dns}"
+  }
+
+  # upgrade chef-server
+  provisioner "remote-exec" {
+    inline = [
+      "set -evx",
+      "echo -e '\nBEGIN UPGRADE CHEF SERVER (FRONT-END)\n'",
+      "curl -vo /tmp/${replace(var.upgrade_version_url, "/^.*\\//", "")} ${var.upgrade_version_url}",
+      "sudo ${replace(var.upgrade_version_url, "rpm", "") != var.upgrade_version_url ? "rpm -U" : "dpkg -iEG"} /tmp/${replace(var.upgrade_version_url, "/^.*\\//", "")}",
+      "sudo CHEF_LICENSE='accept' chef-server-ctl upgrade",
+      "sudo chef-server-ctl start",
+      "sudo chef-server-ctl cleanup",
+      "sleep 30",
+      "echo -e '\nEND UPGRADE CHEF SERVER (FRONT-END)\n'",
+    ]
+  }
+
+  # run smoke test
+  provisioner "remote-exec" {
+    script = "${path.module}/../../../common/files/test_chef_server-smoke.sh"
+  }
+
+  # install push jobs addon
+  provisioner "remote-exec" {
+    script = "${path.module}/../../../common/files/install_addon_push_jobs.sh"
+  }
+
+  # test push jobs addon
+  provisioner "remote-exec" {
+    script = "${path.module}/../../../common/files/test_addon_push_jobs.sh"
+  }
+
+  # install chef manage addon
+  provisioner "remote-exec" {
+    script = "${path.module}/../../../common/files/install_addon_chef_manage.sh"
+  }
+
+  # run pedant test
+  provisioner "remote-exec" {
+    script = "${path.module}/../../../common/files/test_chef_server-pedant.sh"
+  }
+}

terraform/aws/scenarios/omnibus-tiered-upgrade/templates/chef-server.rb.tpl

@@ -0,0 +1,27 @@
+topology = "tier"
+
+server "backend.internal",
+  :ipaddress => "${back_end_ip}/${cidr}",
+  :role => "backend",
+  :bootstrap => true
+
+backend_vip "backend.internal",
+  :ipaddress => "${back_end_ip}/${cidr}"
+
+server "frontend.internal",
+  :ipaddress => "${front_end_ip}/${cidr}",
+  :role => "frontend"
+
+api_fqdn = "frontend.internal"
+
+opscode_erchef['keygen_start_size'] = 30
+
+opscode_erchef['keygen_cache_size'] = 60
+
+nginx['ssl_dhparam'] = '/etc/opscode/dhparam.pem'
+
+insecure_addon_compat = false
+
+data_collector['token'] = 'foobar'
+
+nginx['enable_ipv6'] = ${enable_ipv6}

terraform/aws/scenarios/omnibus-tiered-upgrade/templates/hosts.tpl

@@ -0,0 +1,13 @@
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+
+# The following lines are desirable for IPv6 capable hosts
+::1       localhost.localdomain localhost6 localhost6.localdomain6 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+
+${back_end_ip} backend.internal
+
+${front_end_ip} frontend.internal

terraform/aws/scenarios/omnibus-tiered-upgrade/variables.tf

@@ -0,0 +1,69 @@
+#########################################################################
+# AWS
+#########################################################################
+variable "aws_profile" {
+  type        = "string"
+  description = "Name of the AWS profile used for authentication (e.g. chef-engineering)."
+  default     = "chef-engineering"
+}
+
+variable "aws_region" {
+  type        = "string"
+  description = "Name of the AWS region to create instances in (e.g. us-west-2)."
+  default     = "us-west-1"
+}
+
+variable "aws_vpc_name" {
+  type        = "string"
+  description = "Name of the AWS virtual private cloud where tests will be run."
+  default     = ""
+}
+
+variable "aws_department" {
+  type        = "string"
+  description = "Department that owns the resources should be one of: EngServ, Operations, Eng, Training, Solutions, Sales, BD, Success or Partner"
+}
+
+variable "aws_contact" {
+  type        = "string"
+  description = "The primary contact for the resources, this should be the IAM username and must be able to receive email by appending @chef.io to it (this person can explain what/why, might not be the business owner)."
+}
+
+variable "aws_ssh_key_id" {
+  type        = "string"
+  description = "AWS ID of the SSH key used to access the instance (e.g. csnapp)."
+}
+
+variable "aws_instance_type" {
+  type        = "string"
+  description = "Name of the AWS instance type used to determine size of instances (e.g. t2.medium)."
+  default     = "t2.medium"
+}
+
+variable "platform" {
+  type        = "string"
+  description = "Operating System of the instance to be created."
+}
+
+#########################################################################
+# Chef Server
+#########################################################################
+variable "scenario" {
+  type        = "string"
+  description = "The name of the scenario being executed."
+}
+
+variable "install_version_url" {
+  type        = "string"
+  description = "The URL to a chef-server used during initial install."
+}
+
+variable "upgrade_version_url" {
+  type        = "string"
+  description = "The URL to a chef-server artifact used during upgrades."
+}
+
+variable "enable_ipv6" {
+  type        = "string"
+  description = "Use IPv6 in the chef-server.rb config and /etc/hosts."
+}