Skip to content

Instantly share code, notes, and snippets.

@bbratchiv
Created September 11, 2023 07:49
Show Gist options
  • Save bbratchiv/dab28cd5d6cb52599cd4328a353b1293 to your computer and use it in GitHub Desktop.
Save bbratchiv/dab28cd5d6cb52599cd4328a353b1293 to your computer and use it in GitHub Desktop.
Jenkins pipeline to restart ECS service, use of AWS cli
properties([
parameters([
[$class: 'ChoiceParameter',
choiceType: 'PT_SINGLE_SELECT',
description: 'Select env from the Dropdown List',
filterable: false,
name: 'environment',
script: [
$class: 'GroovyScript',
fallbackScript: [
classpath: [],
sandbox: true,
script:
"return['Could not get envs']"
],
script: [
classpath: [],
sandbox: true,
script:
"return ['qa','stage','prod']"
]
]
],
[$class: 'ChoiceParameter',
choiceType: 'PT_SINGLE_SELECT',
description: 'Select region from the Dropdown List',
filterable: false,
name: 'region',
script: [
$class: 'GroovyScript',
fallbackScript: [
classpath: [],
sandbox: false,
script:
"return['Could not get region']"
],
script: [
classpath: [],
sandbox: true,
script:
"return['eu-central-1', 'eu-west-2', 'us-east-1']"
]
]
],
[$class: 'CascadeChoiceParameter',
choiceType: 'PT_SINGLE_SELECT',
description: 'Select cluster from the Dropdown List. Wait a couple of seconds',
filterable: false,
name: 'cluster',
referencedParameters: 'environment,region',
script: [
$class: 'GroovyScript',
fallbackScript: [
classpath: [],
sandbox: false,
script:
"return['Could not get cluster']"
],
script: [
classpath: [],
sandbox: false,
script:
"""
import groovy.json.JsonSlurperClassic
def account_id=""
if (environment.equals("qa")){
account_id = "123"
}
else if (environment.equals("stage")){
account_id = "456"
}
else if (environment.equals("prod")){
account_id = "789"
}
def cmd = "aws-auth --role-arn arn:aws:iam::\${account_id}:role/allow-auto-deploy-from-other-accounts --role-duration-seconds 900"
def comm = cmd.execute()
def sedExport = "sed s/export/env/g".execute()
def sedQuote = "sed s/'//g".execute()
def sedNewLine = ['tr', '\\'\\n\\'', '\\' \\''].execute()
def auth_string = comm | sedExport | sedQuote | sedNewLine
auth_string.waitFor()
def final_command = auth_string.text + " aws ecs list-clusters --region " + region
def res = final_command.execute()
res.waitFor()
//print res.text
// Parse JSON into Groovy object
def data = new JsonSlurperClassic().parseText(res.text)
def clusters = []
data.clusterArns.each {
clusters.add(it.split('/')[1])
}
return clusters.sort()
"""
]
]
],
[$class: 'CascadeChoiceParameter',
choiceType: 'PT_MULTI_SELECT',
description: 'Select service from the Dropdown List. Wait a couple of seconds. Supports multiple selection',
filterable: false,
name: 'service',
referencedParameters: 'environment,region,cluster',
script: [
$class: 'GroovyScript',
fallbackScript: [
classpath: [],
sandbox: false,
script:
"return['Could not get service']"
],
script: [
classpath: [],
sandbox: false,
script:
"""
import groovy.json.JsonSlurperClassic
def account_id=""
if (environment.equals("qa")){
account_id = "123"
}
else if (environment.equals("stage")){
account_id = "3456"
}
else if (environment.equals("prod")){
account_id = "678"
}
def cmd = "aws-auth --role-arn arn:aws:iam::\${account_id}:role/allow-auto-deploy-from-other-accounts --role-duration-seconds 900"
def comm = cmd.execute()
def sedExport = "sed s/export/env/g".execute()
def sedQuote = "sed s/'//g".execute()
def sedNewLine = ['tr', '\\'\\n\\'', '\\' \\''].execute()
def auth_string = comm | sedExport | sedQuote | sedNewLine
auth_string.waitFor()
def final_command = auth_string.text + " aws ecs list-services --cluster " + cluster + " --region " + region
def res = final_command.execute()
res.waitFor()
//print res.text
// Parse JSON into Groovy object
def data = new JsonSlurperClassic().parseText(res.text)
def services = []
data.serviceArns.each {
services.add(it.split('/')[2])
}
services -= "node-exporter"
services -= "fluent-bit"
services -= "cAdvisor"
return services.sort()
"""
]
]
]
])
])
pipeline {
agent { label 'master' }
stages {
stage('Restart service') {
steps {
script {
currentBuild.displayName = "#${BUILD_NUMBER} ${params.environment} ${params.region} ${params.service}"
}
println "Cluster Name: ${cluster}"
println "Service Name: ${service}"
sh '''
set +x
case $environment in
"qa")
account_id="123"
;;
"stage")
account_id="456"
;;
"prod")
account_id="789"
;;
esac
# Assume deploy role from proper account
eval $(aws-auth --role-arn arn:aws:iam::$account_id:role/allow-auto-deploy-from-other-accounts --role-duration-seconds 900)
# Set Input Field Separator as comma
IFS=","
for i in $service; do
aws ecs update-service --region $region --service $i --cluster $cluster --force-new-deployment --query 'service.taskDefinition'
done
aws ecs wait services-stable --region $region --cluster $cluster --services $service
echo "Service $service has been restarted"
'''
}
}
}
}
@bbratchiv
Copy link
Author

aws-auth is a script that assumes IAM role in AWS account and exports temporary AWS credentials into the terminal.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment