diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-05-22 20:55:28 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-05-22 20:55:28 +0200 |
commit | 8d213e2b1c934f6861f76aad5eb7c11097fa97de (patch) | |
tree | 23f8a2d5692deaeffffa1ab5f098b2d24b9e2217 /modules/private/buildbot/projects/caldance | |
parent | a1a8649a2be768685eb04c246c114fce36b8096f (diff) | |
download | Nix-8d213e2b1c934f6861f76aad5eb7c11097fa97de.tar.gz Nix-8d213e2b1c934f6861f76aad5eb7c11097fa97de.tar.zst Nix-8d213e2b1c934f6861f76aad5eb7c11097fa97de.zip |
Move rest of the modules outside of nixops
Diffstat (limited to 'modules/private/buildbot/projects/caldance')
-rw-r--r-- | modules/private/buildbot/projects/caldance/__init__.py | 190 |
1 files changed, 190 insertions, 0 deletions
diff --git a/modules/private/buildbot/projects/caldance/__init__.py b/modules/private/buildbot/projects/caldance/__init__.py new file mode 100644 index 0000000..2c0bad5 --- /dev/null +++ b/modules/private/buildbot/projects/caldance/__init__.py | |||
@@ -0,0 +1,190 @@ | |||
1 | from buildbot.plugins import * | ||
2 | from buildbot_common.build_helpers import * | ||
3 | import os | ||
4 | from buildbot.util import bytes2unicode | ||
5 | import json | ||
6 | |||
7 | __all__ = [ "configure", "E" ] | ||
8 | |||
9 | class E(): | ||
10 | PROJECT = "caldance" | ||
11 | BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT) | ||
12 | SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT) | ||
13 | PB_SOCKET = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT) | ||
14 | RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT) | ||
15 | RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT) | ||
16 | GIT_URL = "gitolite@git.immae.eu:perso/simon_descarpentries/www.cal-dance.com" | ||
17 | SSH_KEY_PATH = "/var/lib/buildbot/buildbot_key" | ||
18 | SSH_HOST_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF" | ||
19 | LDAP_HOST = "ldap.immae.eu" | ||
20 | LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu" | ||
21 | LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu" | ||
22 | XMPP_RECIPIENTS = os.environ["BUILDBOT_XMPP_RECIPIENTS"].split(" ") | ||
23 | |||
24 | PUPPET_HOST = { | ||
25 | "integration": "root@caldance.immae.eu", | ||
26 | } | ||
27 | |||
28 | # master.cfg | ||
29 | SECRETS_FILE = os.getcwd() + "/secrets" | ||
30 | LDAP_URL = "ldaps://ldap.immae.eu:636" | ||
31 | LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu" | ||
32 | LDAP_BASE = "dc=immae,dc=eu" | ||
33 | LDAP_PATTERN = "(uid=%(username)s)" | ||
34 | LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=caldance,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))" | ||
35 | TITLE_URL = "https://caldance.immae.eu" | ||
36 | TITLE = "Caldance" | ||
37 | |||
38 | class CustomBase(webhooks.base): | ||
39 | def getChanges(self, request): | ||
40 | try: | ||
41 | content = request.content.read() | ||
42 | args = json.loads(bytes2unicode(content)) | ||
43 | except Exception as e: | ||
44 | raise ValueError("Error loading JSON: " + str(e)) | ||
45 | |||
46 | args.setdefault("comments", "") | ||
47 | args.setdefault("repository", "") | ||
48 | args.setdefault("author", args.get("who", "unknown")) | ||
49 | |||
50 | if args["category"] == "deploy_webhook": | ||
51 | args = { | ||
52 | "category": "deploy_webhook", | ||
53 | "comments": "", | ||
54 | "repository": "", | ||
55 | "author": "webhook", | ||
56 | "project": "Caldance", | ||
57 | "properties": { | ||
58 | "environment": args.get("environment", "integration"), | ||
59 | "build": "caldance_{}.tar.gz".format(args.get("build", "master")) | ||
60 | } | ||
61 | } | ||
62 | |||
63 | return ([args], None) | ||
64 | |||
65 | def deploy_hook_scheduler(project, timer=1): | ||
66 | return schedulers.AnyBranchScheduler( | ||
67 | change_filter=util.ChangeFilter(category="deploy_webhook", project=project), | ||
68 | name="{}_deploy".format(project), treeStableTimer=timer, builderNames=["{}_deploy".format(project)]) | ||
69 | |||
70 | def configure(c): | ||
71 | c["buildbotURL"] = E.BUILDBOT_URL | ||
72 | c["www"]["port"] = E.SOCKET | ||
73 | |||
74 | c["www"]["change_hook_dialects"]["base"] = { | ||
75 | "custom_class": CustomBase | ||
76 | } | ||
77 | c['workers'].append(worker.LocalWorker("generic-worker")) | ||
78 | c['workers'].append(worker.LocalWorker("deploy-worker")) | ||
79 | |||
80 | c['schedulers'].append(hook_scheduler("Caldance", timer=1)) | ||
81 | c['schedulers'].append(force_scheduler("force_caldance", ["Caldance_build"])) | ||
82 | c['schedulers'].append(deploy_scheduler("deploy_caldance", ["Caldance_deploy"])) | ||
83 | c['schedulers'].append(deploy_hook_scheduler("Caldance", timer=1)) | ||
84 | |||
85 | c['builders'].append(factory("caldance")) | ||
86 | |||
87 | c['builders'].append(deploy_factory("caldance")) | ||
88 | |||
89 | c['services'].append(SlackStatusPush( | ||
90 | name="slack_status_caldance", | ||
91 | builders=["Caldance_build", "Caldance_deploy"], | ||
92 | serverUrl=open(E.SECRETS_FILE + "/slack_webhook", "r").read().rstrip())) | ||
93 | c['services'].append(XMPPStatusPush( | ||
94 | name="xmpp_status_caldance", | ||
95 | builders=["Caldance_build", "Caldance_deploy"], | ||
96 | recipients=E.XMPP_RECIPIENTS, | ||
97 | password=open(E.SECRETS_FILE + "/notify_xmpp_password", "r").read().rstrip())) | ||
98 | |||
99 | def factory(project, ignore_fails=False): | ||
100 | release_file = "{1}/{0}_%(kw:clean_branch)s.tar.gz" | ||
101 | |||
102 | package = util.Interpolate("{0}_%(kw:clean_branch)s.tar.gz".format(project), clean_branch=clean_branch) | ||
103 | package_dest = util.Interpolate(release_file.format(project, E.RELEASE_PATH), clean_branch=clean_branch) | ||
104 | package_url = util.Interpolate(release_file.format(project, E.RELEASE_URL), clean_branch=clean_branch) | ||
105 | |||
106 | factory = util.BuildFactory() | ||
107 | factory.addStep(steps.Git(logEnviron=False, repourl=E.GIT_URL, | ||
108 | sshPrivateKey=open(E.SSH_KEY_PATH).read().rstrip(), | ||
109 | sshHostKey=E.SSH_HOST_KEY, mode="full", method="copy")) | ||
110 | factory.addSteps(package_and_upload(package, package_dest, package_url)) | ||
111 | |||
112 | return util.BuilderConfig( | ||
113 | name="{}_build".format(project.capitalize()), | ||
114 | workernames=["generic-worker"], factory=factory) | ||
115 | |||
116 | def compute_build_infos(project): | ||
117 | @util.renderer | ||
118 | def compute(props): | ||
119 | import re, hashlib | ||
120 | build_file = props.getProperty("build") | ||
121 | package_dest = "{1}/{0}".format(build_file, E.RELEASE_PATH) | ||
122 | version = re.match(r"{0}_(.*).tar.gz".format(project), build_file).group(1) | ||
123 | with open(package_dest, "rb") as f: | ||
124 | sha = hashlib.sha256(f.read()).hexdigest() | ||
125 | return { | ||
126 | "build_version": version, | ||
127 | "build_hash": sha, | ||
128 | } | ||
129 | return compute | ||
130 | |||
131 | @util.renderer | ||
132 | def puppet_host(props): | ||
133 | environment = props["environment"] if props.hasProperty("environment") else "integration" | ||
134 | return E.PUPPET_HOST.get(environment, "host.invalid") | ||
135 | |||
136 | def deploy_factory(project): | ||
137 | package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH)) | ||
138 | |||
139 | factory = util.BuildFactory() | ||
140 | factory.addStep(steps.MasterShellCommand(command=["test", "-f", package_dest])) | ||
141 | factory.addStep(steps.SetProperties(properties=compute_build_infos(project))) | ||
142 | factory.addStep(LdapPush(environment=util.Property("environment"), | ||
143 | project=project, build_version=util.Property("build_version"), | ||
144 | build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap"))) | ||
145 | factory.addStep(steps.MasterShellCommand(command=[ | ||
146 | "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host])) | ||
147 | return util.BuilderConfig(name="{}_deploy".format(project.capitalize()), workernames=["deploy-worker"], factory=factory) | ||
148 | |||
149 | from twisted.internet import defer | ||
150 | from buildbot.process.buildstep import FAILURE | ||
151 | from buildbot.process.buildstep import SUCCESS | ||
152 | from buildbot.process.buildstep import BuildStep | ||
153 | |||
154 | class LdapPush(BuildStep): | ||
155 | name = "LdapPush" | ||
156 | renderables = ["environment", "project", "build_version", "build_hash", "ldap_password"] | ||
157 | |||
158 | def __init__(self, **kwargs): | ||
159 | self.environment = kwargs.pop("environment") | ||
160 | self.project = kwargs.pop("project") | ||
161 | self.build_version = kwargs.pop("build_version") | ||
162 | self.build_hash = kwargs.pop("build_hash") | ||
163 | self.ldap_password = kwargs.pop("ldap_password") | ||
164 | self.ldap_host = kwargs.pop("ldap_host", E.LDAP_HOST) | ||
165 | super().__init__(**kwargs) | ||
166 | |||
167 | def run(self): | ||
168 | import json | ||
169 | from ldap3 import Reader, Writer, Server, Connection, ObjectDef | ||
170 | server = Server(self.ldap_host) | ||
171 | conn = Connection(server, | ||
172 | user=E.LDAP_DN, | ||
173 | password=self.ldap_password) | ||
174 | conn.bind() | ||
175 | obj = ObjectDef("immaePuppetClass", conn) | ||
176 | r = Reader(conn, obj, | ||
177 | "cn=caldance.{},{}".format(self.environment, E.LDAP_ROLES_BASE)) | ||
178 | r.search() | ||
179 | if len(r) > 0: | ||
180 | w = Writer.from_cursor(r) | ||
181 | for value in w[0].immaePuppetJson.values: | ||
182 | config = json.loads(value) | ||
183 | if "role::caldance::{}_version".format(self.project) in config: | ||
184 | config["role::caldance::{}_version".format(self.project)] = self.build_version | ||
185 | config["role::caldance::{}_sha256".format(self.project)] = self.build_hash | ||
186 | w[0].immaePuppetJson -= value | ||
187 | w[0].immaePuppetJson += json.dumps(config, indent=" ") | ||
188 | w.commit() | ||
189 | return defer.succeed(SUCCESS) | ||
190 | return defer.succeed(FAILURE) | ||