feat/DO-1609: build amis on different accounts (#24)
Build AMIs on the operations-0 account when run on the main branch and on the operations-dev-0 account when run on the dev branch. master uses the old pipeline and builds on the production-0 account.
filippoh authored Mar 29, 2023
1 parent a188f48 commit 9a72a9c
Showing 3 changed files with 93 additions and 140 deletions.
172 changes: 45 additions & 127 deletions .circleci/config.yml
@@ -1,174 +1,92 @@
version: 2.1

# Inline dd agent orb definition
orbs:
dd-agent:
commands:
setup:
description: "Installs and starts the Datadog Agent"
parameters:
api_key:
type: env_var_name
description: The name of the environmental variable containing the API key
default: DD_API_KEY
agent_major_version:
type: string
description: The major version of the agent to use
default: "7"
site:
type: string
description: The datadog site to send data to. If the environment variable DD_SITE is set that will take preference.
default: "datadoghq.com"
steps:
- run:
environment:
PARAM_DD_API_KEY: <<parameters.api_key>>
PARAM_DD_AGENT_MAJOR_VERSION: <<parameters.agent_major_version>>
PARAM_DD_SITE: <<parameters.site>>
name: Install and start the Datadog Agent
working_directory: /tmp
command: |
Install() {
PARAM_DD_API_KEY=$(eval echo "\$$PARAM_DD_API_KEY")
if [[ -n "${DD_SITE}" ]]; then
PARAM_DD_SITE=${DD_SITE}
fi
DD_API_KEY=${PARAM_DD_API_KEY} DD_AGENT_MAJOR_VERSION=${PARAM_DD_AGENT_MAJOR_VERSION} DD_SITE=${PARAM_DD_SITE} \
DD_HOSTNAME="none" DD_INSTALL_ONLY="true" DD_APM_ENABLED="true" \
bash -c "$(curl -L https://s3.amazonaws.com/dd-agent/scripts/install_script.sh)"
if [ "$UID" = "0" ]; then export SUDO=''; else export SUDO='sudo'; fi
$SUDO find /etc/datadog-agent/conf.d/ -iname "*.yaml.default" -delete
$SUDO service datadog-agent start
set +e
attempts=0
until [[ $attempts -eq 10 ]] || $SUDO datadog-agent health; do
attempts=$((attempts+1))
sleep_time=$(( attempts*5 < 30 ? attempts*5 : 30 ))
echo "Waiting for agent to start up sleeping for ${sleep_time} seconds"
sleep $sleep_time
done
if [[ $attempts -eq 10 ]]; then
echo "Could not start the agent"
exit 1
else
echo "Agent is ready"
fi
}
# Will not run if sourced for bats-core tests.
# View src/tests for more information.
ORB_TEST_ENV="bats-core"
if [ "${0#*$ORB_TEST_ENV}" == "$0" ]; then
Install
fi
stop:
description: "Gracefully stop the Datadog Agent"
steps:
- run:
when: always
name: Gracefully stop the Datadog Agent
command: |
StopAgent() {
if [ "$UID" = "0" ]; then export SUDO=''; else export SUDO='sudo'; fi
$SUDO service datadog-agent stop
}
# Will not run if sourced for bats-core tests.
# View src/tests for more information.
ORB_TEST_ENV="bats-core"
if [ "${0#*$ORB_TEST_ENV}" == "$0" ]; then
StopAgent
fi
# workflow jobs definition
jobs:
prepare_env:
# job to prepare build environment
docker:
- image: ${AWS_ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/devops/ci/base:latest
- image: 411466821576.dkr.ecr.us-west-2.amazonaws.com/devops/ci/packer:0.0.1
working_directory: ~/aws_ecr_ami
steps:
- checkout:
path: ~/aws_ecr_ami
- dd-agent/setup
- run:
name: Prepare env for build
command: echo 'export BUILD_TAG="${CIRCLE_BRANCH}-${CIRCLE_BUILD_NUM}-$(git rev-parse --verify HEAD | cut -c1-8)"' >> ${BASH_ENV}
- persist_to_workspace:
root: "~"
paths:
- aws_ecr_ami
- dd-agent/stop
validate:
# job to validate aws ecr ami image
docker:
- image: ${AWS_ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/devops/ci/base:latest
- image: 411466821576.dkr.ecr.us-west-2.amazonaws.com/devops/ci/packer:0.0.1
steps:
- attach_workspace:
at: .
- dd-agent/setup
- run:
name: Packer Validate
command: cd aws_ecr_ami && make -e -j2 all-validate
- dd-agent/stop
build:
# job to build aws ecr ami image
docker:
- image: ${AWS_ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/devops/ci/base:latest
- image: 411466821576.dkr.ecr.us-west-2.amazonaws.com/devops/ci/packer:0.0.1
steps:
- attach_workspace:
at: .
- dd-agent/setup
- run:
name: Prepare BUILD_TAG env
command: |
NORMALIZED_BRANCH_NAME=$(echo ${CIRCLE_BRANCH} | sed 's/[^a-zA-Z0-9]/-/g' | cut -c 1-50)
echo "export BUILD_TAG=${NORMALIZED_BRANCH_NAME}-${CIRCLE_BUILD_NUM}-${CIRCLE_SHA1::7}" >> ${BASH_ENV}
- run:
name: Packer build
# AWS sometimes take really long to finish ami build.
# By default, Crircle CI have 10 minutes timeout without response,
# By default, Circle CI have 10 minutes timeout without response,
# so we must extend that timeout limit to be sure that ami build can pass
no_output_timeout: 60m
command: cd aws_ecr_ami && make -e -j2 all
- dd-agent/stop
mock-test:
# Mock test to trigger integration with datadog
docker:
- image: ${AWS_ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/devops/ci/base:latest
steps:
- attach_workspace:
at: .
- dd-agent/setup
- run:
name: Dummy test
command: |
python3 -m venv venv
source venv/bin/activate
pip install pytest ddtrace
DD_SERVICE=${DD_SERVICE} DD_ENV=${DD_ENV} pytest test.py --ddtrace
- dd-agent/stop
workflows:
aws_eks_ami:
jobs:
- prepare_env:
context: CICD
context: AWS_OPERATIONS_DEV_0
- validate:
context: CICD
name: validate main
context:
- AWS_OPERATIONS_0
- PACKER_OPERATIONS_0
filters:
branches:
only:
- main
requires:
- prepare_env
- validate:
name: validate dev
context:
- AWS_OPERATIONS_DEV_0
- PACKER_OPERATIONS_DEV_0
filters:
branches:
only:
- dev
requires:
- prepare_env
- build:
context: CICD
name: build main
context:
- AWS_OPERATIONS_0
- PACKER_OPERATIONS_0
requires:
- validate
- validate main
filters:
branches:
only:
- master
- mock-test:
context: CICD
- main
- build:
name: build dev
context:
- AWS_OPERATIONS_DEV_0
- PACKER_OPERATIONS_DEV_0
requires:
- validate
- build
- validate dev
filters:
branches:
only:
- dev
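Review bot: In the `aws_eks_ami` workflow, `prepare_env` is given `context: AWS_OPERATIONS_DEV_0` but no `filters`, so it appears to run on every branch with the dev-account context attached, while the `validate` and `build` entries are restricted to `main` and `dev`. If the context is only needed to pull the ECR image, a filter matching the downstream jobs (`filters: {branches: {only: [main, dev]}}`) would keep those credentials out of feature-branch runs; on `main` the job also brings dev-account credentials into a pipeline that otherwise uses `AWS_OPERATIONS_0`. The rendered page has lost its +/- markers, so which `context:` lines survive is inferred from the commit description. The job images are pinned by tag (`packer:0.0.1`) rather than by digest, which leaves the build environment mutable for a pipeline whose output is a machine image.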
41 changes: 33 additions & 8 deletions Makefile
Expand Up @@ -11,6 +11,21 @@ PACKER_BINARY = docker run -v /mnt/credentials:/root/.aws/credentials \
876270261134.dkr.ecr.us-west-2.amazonaws.com/devops/packer:1.6.1
PACKER_VARIABLES := aws_region ami_name binary_bucket_name binary_bucket_region kubernetes_version kubernetes_build_date kernel_version docker_version containerd_version runc_version cni_plugin_version source_ami_id source_ami_owners source_ami_filter_name arch instance_type security_group_id additional_yum_repos pull_cni_from_github sonobuoy_e2e_registry build_tag encrypted

ifndef VPC_ID
$(error VPC_ID is undefined)
endif

ifndef SUBNET_ID
$(error SUBNET_ID is undefined)
endif

ifndef AMI_USERS
$(error AMI_USERS is undefined)
endif

ifndef KMS_KEY_ID
$(error KMS_KEY_ID is undefined)
endif

#PACKER_BINARY ?= packer
#PACKER_VARIABLES := aws_region ami_name binary_bucket_name binary_bucket_region kubernetes_version kubernetes_build_date kernel_version docker_version containerd_version runc_version cni_plugin_version source_ami_id source_ami_owners source_ami_filter_name arch instance_type security_group_id additional_yum_repos pull_cni_from_github sonobuoy_e2e_registry
Expand Down Expand Up @@ -43,9 +58,11 @@ T_YELLOW := \e[0;33m
T_RESET := \e[0m

.PHONY: all 1.18 1.19 1.20 1.21 1.22
all: 1.21

all-validate: 1.21
all: 1.22-build

all-validate: 1.22-validate


.PHONY: k8s
k8s: validate
Expand All @@ -70,16 +87,24 @@ k8s: validate
1.20-build:
$(MAKE) ci-build kubernetes_version=1.20.11 kubernetes_build_date=2021-11-10 pull_cni_from_github=true

.PHONY: 1.21
1.21:
.PHONY: 1.21-validate
1.21-validate:
$(MAKE) ci-validate kubernetes_version=1.21.14 kubernetes_build_date=2022-10-31 pull_cni_from_github=true

.PHONY: 1.21-build
1.21-build:
$(MAKE) ci-build kubernetes_version=1.21.14 kubernetes_build_date=2022-10-31 pull_cni_from_github=true

.PHONY: 1.22
1.22:
$(MAKE) ci-build kubernetes_version=1.22.6 kubernetes_build_date=2022-03-09 pull_cni_from_github=true
.PHONY: 1.22-validate
1.22-validate:
$(MAKE) ci-validate kubernetes_version=1.22.17 kubernetes_build_date=2023-01-30 pull_cni_from_github=true

.PHONY: 1.22-build
1.22-build:
$(MAKE) ci-build kubernetes_version=1.22.17 kubernetes_build_date=2023-01-30 pull_cni_from_github=true

# Circle CI pipeline
.PHONY: ci-valiedate
.PHONY: ci-validate
ci-validate:
$(P) validate $(foreach packerVar,$(PACKER_VARIABLES), $(if $($(packerVar)),--var $(packerVar)='$($(packerVar))',)) eks-worker-al2.json

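Review bot: The four `ifndef … $(error … is undefined)` guards for `VPC_ID`, `SUBNET_ID`, `AMI_USERS` and `KMS_KEY_ID` sit at the top level, so they abort every invocation of this Makefile at parse time, including targets that never reach the Packer CI path (the `k8s` target shown in the next hunk, for example). Moving the checks into a small prerequisite target that only `ci-validate` and `ci-build` depend on would keep the fail-closed behaviour for CI without breaking other uses. The `.PHONY: all 1.18 1.19 1.20 1.21 1.22` line still names `1.21` and `1.22`, which appear to have been replaced by the `-validate`/`-build` targets, and `all-validate` is not declared phony. Parts of the file are collapsed on this page, so the definition of `$(P)`, and whether these variables actually reach the Packer process environment, cannot be confirmed from here.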
20 changes: 15 additions & 5 deletions eks-worker-al2.json
Expand Up @@ -4,7 +4,7 @@
"ami_name": null,
"creator": "{{env `USER`}}",
"encrypted": "false",
"kms_key_id": "",
"kms_key_id": "{{env `KMS_KEY_ID`}}",
"aws_access_key_id": "{{env `AWS_ACCESS_KEY_ID`}}",
"aws_secret_access_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
"aws_session_token": "{{env `AWS_SESSION_TOKEN`}}",
Expand All @@ -15,7 +15,7 @@
"kernel_version": "",
"docker_version": "20.10.17-1.amzn2.0.1",
"containerd_version": "1.6.6-1.amzn2.0.2",
"runc_version": "1.1.3-1.amzn2.0.2",
"runc_version": "1.1.4-1.amzn2",
"cni_plugin_version": "v0.8.6",
"pull_cni_from_github": "true",
"source_ami_id": "",
Expand All @@ -30,10 +30,11 @@
"temporary_security_group_source_cidrs": "",
"security_group_id": "",
"associate_public_ip_address": "",
"subnet_id": "",
"vpc_id": "{{env `VPC_ID`}}",
"subnet_id": "{{env `SUBNET_ID`}}",
"remote_folder": "",
"launch_block_device_mappings_volume_size": "4",
"ami_users": "",
"ami_users": "{{env `AMI_USERS`}}",
"additional_yum_repos": "",
"sonobuoy_e2e_registry": ""
},
Expand Down Expand Up @@ -84,12 +85,21 @@
"encrypt_boot": "{{user `encrypted`}}",
"kms_key_id": "{{user `kms_key_id`}}",
"run_tags": {
"creator": "{{user `creator`}}"
"creator": "{{user `creator`}}",
"Creator": "Packer"
},
"run_volume_tags":{
"Creator": "Packer"
},
"snapshot_tags": {
"Creator": "Packer"
},
"vpc_id": "{{user `vpc_id`}}",
"subnet_id": "{{user `subnet_id`}}",
"tags": {
"Name": "{{user `ami_name`}}",
"created": "{{timestamp}}",
"Creator": "Packer",
"docker_version": "{{ user `docker_version`}}",
"containerd_version": "{{ user `containerd_version`}}",
"source_ami_id": "{{ user `source_ami_id`}}",
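Review bot: `kms_key_id` is now read from `KMS_KEY_ID`, and the Makefile refuses to run without it, but the `encrypted` default directly above it is still `"false"` and `encrypt_boot` is driven by that variable. Unless the CI context passes `encrypted=true`, the key is never applied and the AMI and its snapshots are built unencrypted; consider `"encrypted": "true"` as the default now that a key is mandatory. Because `ami_users` is also populated from the environment, it is worth confirming that the key policy grants the sharing accounts use of the key, assuming it is a customer-managed key, since otherwise they cannot launch from the encrypted image. `run_tags` now carries both `creator` and `Creator`; tag keys are case-sensitive, so both are applied, and keeping one spelling avoids ambiguity in tag-based policies. The builder block is only partly visible in these hunks.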
