AUFN KIDDIN' ME?! #49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # | |
| name: AUFN KIDDIN' ME?! | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| deployment_type: | |
| description: Type of deployment | |
| type: choice | |
| options: | |
| - Test | |
| - Deployment | |
| default: Test | |
| lab_vm_count: | |
| description: Total number of Lab VMs to deploy | |
| type: number | |
| required: true | |
| default: 1 | |
| bas_pwd: # When using in workflow use ::add-mask::$ to mask the password | |
| description: Password for bastion access | |
| type: string | |
| default: "" # NOTE: This needs to be set at runtime via secrets | |
| os_image: | |
| description: Host OS image | |
| type: choice | |
| options: | |
| - Ubuntu | |
| - Rocky9 | |
| default: 'Rocky9' | |
| aufn_branch: | |
| description: Which branch of AUFN to use #Need to use this to alter a-seed-from-nothing.sh | |
| type: string | |
| default: smslab/2023.1 | |
| au_from_seed: | |
| description: Run 'A Universe From Seed'? | |
| type: boolean | |
| default: false | |
| debug_mode: | |
| description: Keep 'Test' up to debug? | |
| type: boolean | |
| default: false | |
| taint_rebuild: | |
| description: Taint and rebuild failed Lab VMs? | |
| type: boolean | |
| default: false | |
| secrets: | |
| BASTION_TEST_PASSWORD: | |
| required: true | |
| CLOUDS_YAML: | |
| required: true | |
| OS_APPLICATION_CREDENTIAL_ID: | |
| required: true | |
| OS_APPLICATION_CREDENTIAL_SECRET: | |
| required: true | |
| jobs: | |
| deploy-aufn: | |
| name: Set up variables and deploy AUFN | |
| environment: ${{ inputs.deployment_type }} | |
| runs-on: arc-aufn-runner-sms | |
| steps: | |
| - name: Install Package | |
| uses: ConorMacBride/install-package@main | |
| with: | |
| apt: git unzip nodejs python3-pip python3-venv openssh-server openssh-client jq sshpass | |
| - name: Start the SSH service | |
| run: | | |
| sudo /etc/init.d/ssh start | |
| # - name: Check if 'Deployment' Lab is already deployed | |
| # uses: softwareforgood/check-artifact-v4-existence@v0 | |
| # with: | |
| # name: ${{ inputs.deployment_type }}-terraform-artifacts | |
| # | |
| # or use a ping command to check if the bastion is up | |
| # | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| - name: Initialise terraform | |
| run: terraform init | |
| - name: Generate clouds.yaml | |
| run: | | |
| cat << EOF > clouds.yaml | |
| ${{ secrets.CLOUDS_YAML }} | |
| EOF | |
| - name: Generate terraform.tfvars | |
| run: | | |
| cat << EOF > terraform.tfvars | |
| lab_count = ${{ inputs.lab_vm_count }} | |
| lab_net_ipv4 = "${{ vars.LAB_NETWORK }}" | |
| image_id = "${{ env.LAB_IMAGE_ID }}" | |
| image_name = "${{ env.LAB_IMAGE_NAME }}" | |
| lab_flavor = "aufn.v1.large" | |
| registry_flavor = "general.v1.medium" | |
| boot_labs_from_volume = true | |
| image_user = "${{ env.LAB_IMAGE_USER }}" | |
| allocate_floating_ips = false | |
| create_bastion = "${{ env.LAB_CREATE_BASTION }}" | |
| EOF | |
| # Conditionally append bastion_floating_ip | |
| if [ "${{ inputs.deployment_type }}" = "Deployment" ]; then | |
| echo 'bastion_floating_ip = "185.45.78.149"' >> terraform.tfvars | |
| fi | |
| if [ "${{ inputs.deployment_type }}" = "Test" ]; then | |
| echo 'reg_sec_grp = ["default","aufn-lab-rules"]' >> terraform.tfvars | |
| fi | |
| env: | |
| LAB_IMAGE_ID: ${{ inputs.os_image == 'Rocky9' && vars.LAB_OS_IMAGE_ROCKY || inputs.os_image == 'Ubuntu' && vars.LAB_OS_IMAGE_UBUNTU }} | |
| LAB_IMAGE_NAME: ${{ inputs.os_image == 'Ubuntu' && 'Ubuntu-22.04' || inputs.os_image }} | |
| LAB_IMAGE_USER: ${{ inputs.os_image == 'Ubuntu' && 'ubuntu' || inputs.os_image == 'Rocky9' && 'rocky' }} | |
| LAB_CREATE_BASTION: ${{ inputs.deployment_type == 'Deployment' && 'true' || 'false' }} | |
| - name: Terraform Plan | |
| run: terraform plan | |
| env: | |
| OS_CLOUD: ${{ vars.OS_CLOUD }} | |
| - name: Terraform Apply | |
| id: tf_apply | |
| run: | | |
| for attempt in $(seq 5); do | |
| if terraform apply -auto-approve; then | |
| sleep 90; | |
| echo "Created infrastructure on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Failed to create infrastructure on attempt $attempt" | |
| sleep 90 | |
| done | |
| echo "Failed to create infrastructure after $attempt attempts" | |
| exit 1 | |
| env: | |
| OS_CLOUD: ${{ vars.OS_CLOUD }} | |
| - name: Get Terraform outputs | |
| id: tf_outputs | |
| run: | | |
| terraform output -json | |
| - name: Write Terraform outputs | |
| run: | | |
| cat << EOF > tf-outputs.yml | |
| ${{ steps.tf_outputs.outputs.stdout }} | |
| EOF | |
| - name: Write out Lab VMs info | |
| run: | | |
| terraform output labs | sed '1d;$d' > ssh_list.txt | |
| - name: Echo Lab VMs info | |
| run: | | |
| echo "Lab VMs info:" | |
| cat ssh_list.txt | |
| - name: Write bastion ssh config file entry | |
| run: | | |
| printf "\nHost bastion\n User ${{ env.LAB_IMAGE_USER }}\n HostName 185.45.78.151\n IdentityFile ~/default.pem" >> ~/.ssh/config | |
| env: | |
| LAB_IMAGE_USER: ${{ inputs.os_image == 'Ubuntu' && 'ubuntu' || inputs.os_image == 'Rocky9' && 'rocky' }} | |
| if: ${{ inputs.deployment_type == 'Deployment' }} | |
| - name: Write out registry VMs info | |
| run: | | |
| terraform output registry_ip | sed '1d;$d' > registry.txt | |
| sed -i 's/"//g' registry.txt | |
| cat registry.txt | |
| - name: Sleep to debug (cancel workflow to clean up) | |
| if: ${{ inputs.deployment_type == 'Test' }} | |
| run: | | |
| # ssh rocky@$(cat registry.txt) -i default.pem -o StrictHostKeyChecking=no | |
| # echo '${BAS_PWD}' | sudo passwd --stdin ${LAB_IMAGE_USER} | |
| # sudo echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config.d/50-cloud-init.conf | |
| # sudo systemctl restart sshd | |
| sleep 3h | |
| env: | |
| LAB_IMAGE_USER: ${{ inputs.os_image == 'Ubuntu' && 'ubuntu' || inputs.os_image == 'Rocky9' && 'rocky' }} | |
| BAS_PWD: ${{ inputs.bas_pwd == '' && secrets.BASTION_TEST_PASSWORD || inputs.bas_pwd }} | |
| - name: Run tests on Lab VMs (Test) | |
| if: ${{ inputs.deployment_type == 'Test' }} | |
| uses: ./.github/actions/aufn-test | |
| with: | |
| au_from_seed: ${{ inputs.au_from_seed }} | |
| os_image: ${{ inputs.os_image }} | |
| taint_rebuild: ${{ inputs.taint_rebuild }} | |
| working_dir: ${{ github.workspace }} | |
| - name: Run tests on Lab VMs (Deployment) | |
| if: ${{ inputs.deployment_type == 'Deployment' }} | |
| uses: ./.github/actions/aufn-deployment | |
| with: | |
| bas_pwd: ${{ env.bas_pwd_var }} | |
| au_from_seed: ${{ inputs.au_from_seed }} | |
| os_image: ${{ inputs.os_image }} | |
| taint_rebuild: ${{ inputs.taint_rebuild }} | |
| working_dir: ${{ github.workspace }} | |
| env: | |
| bas_pwd_var: ${{ inputs.bas_pwd == '' && secrets.BASTION_TEST_PASSWORD || inputs.bas_pwd }} | |
| # - name: Upload Terraform outputs | |
| # if: ${{ inputs.deployment_type == 'Deployment' || inputs.debug_mode == true }} | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: ${{ inputs.deployment_type }}-terraform-artifacts | |
| - name: Pause for debugging (cancel workflow to clean up) | |
| if: always() && ${{ inputs.debug_mode == 'true' }} && ${{ inputs.deployment_type == 'Test' }} | |
| run: | | |
| echo "Pausing for 7d for debugging... cancel manually to proceed." | |
| if true; then sleep 7d; done | |
| - name: Destroy Failed or Test Lab VMs | |
| run: terraform destroy -auto-approve | |
| env: | |
| OS_CLOUD: ${{ vars.OS_CLOUD }} | |
| OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} | |
| OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} | |
| if: always() #&& ${{ inputs.deployment_type }} == 'Test' |