fabiojose/rundeck-openshift-iac.yaml

## rundeck-openshift-iac.yaml
- description: Infrastructure as Code Rollout Deployment
  executionEnabled: true
  group: common/openshift
  id: 67b0ca39-ea27-4668-9f8a-bb447244508a
  loglevel: INFO
  name: openshift-deploy-iac
  nodeFilterEditable: false
  options:
  - description: Openshift Project Namespace
    name: openshift-project
    required: true
  - description: Openshift APP Name
    name: openshift-app
    required: true
  - description: Artifact for Deployment
    name: artifact
    required: true
  - description: The CI Origin Name
    name: ci-name
    required: true
  - description: The CI Origin ID
    name: ci-id
    required: true
  - enforced: true
    name: env
    required: true
    values:
    - dev
    - pre
    - pro
  scheduleEnabled: true
  sequence:
    commands:
    - description: Metadata
      script: |-
        #--#--#--# HOME CONFIGURATION #--#--#--#
        jail="/var/rundeck/projects/oss-opensource/$RD_JOB_EXECID"
        export HOME=$jail
        cd $HOME
        #--#--#--# HOME CONFIGURATION #--#--#--#


        echo "> > > > Metadata"
        echo "openshift-project: $RD_OPTION_OPENSHIFT_PROJECT"
        echo "openshift-app....: $RD_OPTION_OPENSHIFT_APP"
        echo "artifact.........: $RD_OPTION_ARTIFACT"
        echo "ci-name..........: $RD_OPTION_CI_NAME"
        echo "ci-id............: $RD_OPTION_CI_ID"
        echo "environment......: $RD_OPTION_ENV"
        echo "> > > > Metadata"
    - description: Setup
      errorhandler:
        exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
      script: |+
        #--#--#--# CONFIGURATION #--#--#--#
        prjjail="/var/rundeck/projects/oss-opensource"
        jail="$prjjail/$RD_JOB_EXECID"
        export HOME=$jail

        workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
        if [ ! -d "$workdir" ]; then
          mkdir -p $workdir
        fi
        #--#--#--# CONFIGURATION #--#--#--#

    - description: Download the Artifact
      errorhandler:
        exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
      script: |-
        #--#--#--# HOME CONFIGURATION #--#--#--#
        prjjail="/var/rundeck/projects/oss-opensource"
        jail="$prjjail/$RD_JOB_EXECID"
        export HOME=$jail

        workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
        cd $workdir
        #--#--#--# HOME CONFIGURATION #--#--#--#

        filename=$(basename "$RD_OPTION_ARTIFACT")
        file="/tmp/$filename"
        iac="./iac"
        mkdir -p $iac

        echo "> > > > Trying to download '$RD_OPTION_ARTIFACT'"
        wget -q \
             --no-check-certificate \
             --connect-timeout=5 \
             --read-timeout=10 \
             --tries=2 \
             -O "$file" \
             "$RD_OPTION_ARTIFACT"

        if [ $? = 0 ]; then

          tar -xzvf "$file" -C "$iac" --strip-components=1

          if [ $? != 0 ]; then
            echo "> > > > Extraction *failed*"
            exit 3
          fi

        else
          echo "> > > > Download *failed*"
          exit 2
        fi

        echo "> > > > Download success!"
    - description: Terraform Init
      errorhandler:
        exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
      script: |-
        #--#--#--# HOME CONFIGURATION #--#--#--#
        prjjail="/var/rundeck/projects/oss-opensource"
        jail="$prjjail/$RD_JOB_EXECID"
        export HOME=$jail

        workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
        cd $workdir
        #--#--#--# HOME CONFIGURATION #--#--#--#

        # Copy the openshift configuration file
        cp $TERRAFORM_HOME/openshift.tf .

        # Create the dir to save terraform state
        if [ ! -d "state" ]; then
          mkdir state
        fi

        terraform init -no-color

        if [ $? != 0 ]; then
          echo "> > > > *failed* to init Terraform."
          exit 1
        fi
    - description: Get the environment artifacts
      errorhandler:
        exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
      script: |
        #--#--#--# HOME CONFIGURATION #--#--#--#
        prjjail="/var/rundeck/projects/oss-opensource"
        jail="$prjjail/$RD_JOB_EXECID"
        export HOME=$jail

        workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
        cd $workdir
        #--#--#--# HOME CONFIGURATION #--#--#--#

        cd iac

        # Copy all .tf from env folder to iac
        find src/$RD_OPTION_ENV/ -maxdepth 1 -type f | xargs cp -t src/

        ls -al src/$RD_OPTION_ENV/
    - description: Environment Management
      errorhandler:
        exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
      script: |
        #--#--#--# HOME CONFIGURATION #--#--#--#
        prjjail="/var/rundeck/projects/oss-opensource"
        jail="$prjjail/$RD_JOB_EXECID"
        export HOME=$jail

        workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
        cd $workdir
        #--#--#--# HOME CONFIGURATION #--#--#--#

        iac="iac"

        cd $iac

        sed -i "s/iac-deploy-by/rundeck/g" src/variables.tf
        sed -i "s/iac-deploy-name/$RD_JOB_NAME/g" src/variables.tf
        sed -i "s/iac-deploy-id/$RD_JOB_EXECID/g" src/variables.tf
        sed -i "s/iac-deploy-date/$(date +%s%3N)/g" src/variables.tf

        # Process native Openshift resources
        for r in `find src -type f -iname '*.yaml'`
        do

          # For each var in r file
          grep -oh "\${[a-z\._]*}" $r | while read -r var; do
            varnm=$(echo $var | grep -oh "var.[a-z_]*" | cat | cut -d "." -f2)

            # Try to read from variables.tf
            varvl=$(jq -r ".variable.$varnm.default" src/variables.tf)

            if [ -z "$varvl" ] || [ "$varvl" = "null" ]; then
              # If not found, try to read from package.tf
              varvl=$(jq -r ".variable.$varnm.default" src/package.tf)
              if [ -z "$varvl" ] || [ "$varvl" = "null" ]; then
                # If not found, try to read from environment tf file
                varvl=$(jq -r ".variable.$varnm.default" src/$RD_OPTION_ENV.tf)
                if [ -z "$varvl" ] || [ "$varvl" = "null" ]; then
                  varvl="unknown:$varnm"
                fi
              fi
            fi

            # Substitute to value
            sed -i "s|$var|$varvl|g" $r
          done

        done
    - description: Dryrun
      errorhandler:
        exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
      script: |
        #--#--#--# HOME CONFIGURATION #--#--#--#
        prjjail="/var/rundeck/projects/oss-opensource"
        jail="$prjjail/$RD_JOB_EXECID"
        export HOME=$jail

        workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
        cd $workdir
        #--#--#--# HOME CONFIGURATION #--#--#--#

        terraform plan -no-color -var "openshift_url=$OPENSHIFT_URL" -state="state/terraform.tfstate" "iac/src"

        if [ $? != 0 ]; then
          echo "> > > > *failed* to plan Terraform."
          exit 2
        fi

        # Process native Openshift resources
        for r in `find iac/src -type f -iname '*.yaml'`
        do
          oc create -f "$r" \
                    --dry-run=true

          if [ $? != 0 ]; then
            echo "> > > > *failed to plan Openshift resources: $r"
            exit 2
          fi
        done
    - description: Deployment
      errorhandler:
        exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
      script: |
        #--#--#--# HOME CONFIGURATION #--#--#--#
        prjjail="/var/rundeck/projects/oss-opensource"
        jail="$prjjail/$RD_JOB_EXECID"
        export HOME=$jail

        workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
        cd $workdir
        #--#--#--# HOME CONFIGURATION #--#--#--#

        terraform apply -no-color -var "openshift_url=$OPENSHIFT_URL" -state="state/terraform.tfstate" "iac/src"

        if [ $? != 0 ]; then
          echo "> > > > *failed* to apply Terraform."
          exit 1
        fi

        # Process native Openshift resources
        for r in `find iac/src -type f -iname '*.yaml'`
        do
          oc create -f "$r" \
                    -n $RD_OPTION_OPENSHIFT_PROJECT \
                    | tee oc-create.log

          if [ $? != 0 ]; then
            state=$(grep -oh 'AlreadyExists' oc-create.log)

            if [ "$state" != "AlreadyExists" ]; then
              echo "> > > > *failed to apply Openshift resources: $r"
              exit 1
            fi
          fi
        done

        rm -r iac
    keepgoing: false
    strategy: node-first
  uuid: 67b0ca39-ea27-4668-9f8a-bb447244508a
	- description: Infrastructure as Code Rollout Deployment
	executionEnabled: true
	group: common/openshift
	id: 67b0ca39-ea27-4668-9f8a-bb447244508a
	loglevel: INFO
	name: openshift-deploy-iac
	nodeFilterEditable: false
	options:
	- description: Openshift Project Namespace
	name: openshift-project
	required: true
	- description: Openshift APP Name
	name: openshift-app
	required: true
	- description: Artifact for Deployment
	name: artifact
	required: true
	- description: The CI Origin Name
	name: ci-name
	required: true
	- description: The CI Origin ID
	name: ci-id
	required: true
	- enforced: true
	name: env
	required: true
	values:
	- dev
	- pre
	- pro
	scheduleEnabled: true
	sequence:
	commands:
	- description: Metadata
	script: \|-
	#--#--#--# HOME CONFIGURATION #--#--#--#
	jail="/var/rundeck/projects/oss-opensource/$RD_JOB_EXECID"
	export HOME=$jail
	cd $HOME
	#--#--#--# HOME CONFIGURATION #--#--#--#


	echo "> > > > Metadata"
	echo "openshift-project: $RD_OPTION_OPENSHIFT_PROJECT"
	echo "openshift-app....: $RD_OPTION_OPENSHIFT_APP"
	echo "artifact.........: $RD_OPTION_ARTIFACT"
	echo "ci-name..........: $RD_OPTION_CI_NAME"
	echo "ci-id............: $RD_OPTION_CI_ID"
	echo "environment......: $RD_OPTION_ENV"
	echo "> > > > Metadata"
	- description: Setup
	errorhandler:
	exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
	script: \|+
	#--#--#--# CONFIGURATION #--#--#--#
	prjjail="/var/rundeck/projects/oss-opensource"
	jail="$prjjail/$RD_JOB_EXECID"
	export HOME=$jail

	workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
	if [ ! -d "$workdir" ]; then
	mkdir -p $workdir
	fi
	#--#--#--# CONFIGURATION #--#--#--#

	- description: Download the Artifact
	errorhandler:
	exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
	script: \|-
	#--#--#--# HOME CONFIGURATION #--#--#--#
	prjjail="/var/rundeck/projects/oss-opensource"
	jail="$prjjail/$RD_JOB_EXECID"
	export HOME=$jail

	workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
	cd $workdir
	#--#--#--# HOME CONFIGURATION #--#--#--#

	filename=$(basename "$RD_OPTION_ARTIFACT")
	file="/tmp/$filename"
	iac="./iac"
	mkdir -p $iac

	echo "> > > > Trying to download '$RD_OPTION_ARTIFACT'"
	wget -q \
	--no-check-certificate \
	--connect-timeout=5 \
	--read-timeout=10 \
	--tries=2 \
	-O "$file" \
	"$RD_OPTION_ARTIFACT"

	if [ $? = 0 ]; then

	tar -xzvf "$file" -C "$iac" --strip-components=1

	if [ $? != 0 ]; then
	echo "> > > > Extraction failed"
	exit 3
	fi

	else
	echo "> > > > Download failed"
	exit 2
	fi

	echo "> > > > Download success!"
	- description: Terraform Init
	errorhandler:
	exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
	script: \|-
	#--#--#--# HOME CONFIGURATION #--#--#--#
	prjjail="/var/rundeck/projects/oss-opensource"
	jail="$prjjail/$RD_JOB_EXECID"
	export HOME=$jail

	workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
	cd $workdir
	#--#--#--# HOME CONFIGURATION #--#--#--#

	# Copy the openshift configuration file
	cp $TERRAFORM_HOME/openshift.tf .

	# Create the dir to save terraform state
	if [ ! -d "state" ]; then
	mkdir state
	fi

	terraform init -no-color

	if [ $? != 0 ]; then
	echo "> > > > failed to init Terraform."
	exit 1
	fi
	- description: Get the environment artifacts
	errorhandler:
	exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
	script: \|
	#--#--#--# HOME CONFIGURATION #--#--#--#
	prjjail="/var/rundeck/projects/oss-opensource"
	jail="$prjjail/$RD_JOB_EXECID"
	export HOME=$jail

	workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
	cd $workdir
	#--#--#--# HOME CONFIGURATION #--#--#--#

	cd iac

	# Copy all .tf from env folder to iac
	find src/$RD_OPTION_ENV/ -maxdepth 1 -type f \| xargs cp -t src/

	ls -al src/$RD_OPTION_ENV/
	- description: Environment Management
	errorhandler:
	exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
	script: \|
	#--#--#--# HOME CONFIGURATION #--#--#--#
	prjjail="/var/rundeck/projects/oss-opensource"
	jail="$prjjail/$RD_JOB_EXECID"
	export HOME=$jail

	workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
	cd $workdir
	#--#--#--# HOME CONFIGURATION #--#--#--#

	iac="iac"

	cd $iac

	sed -i "s/iac-deploy-by/rundeck/g" src/variables.tf
	sed -i "s/iac-deploy-name/$RD_JOB_NAME/g" src/variables.tf
	sed -i "s/iac-deploy-id/$RD_JOB_EXECID/g" src/variables.tf
	sed -i "s/iac-deploy-date/$(date +%s%3N)/g" src/variables.tf

	# Process native Openshift resources
	for r in `find src -type f -iname '*.yaml'`
	do

	# For each var in r file
	grep -oh "\${[a-z\._]*}" $r \| while read -r var; do
	varnm=$(echo $var \| grep -oh "var.[a-z_]*" \| cat \| cut -d "." -f2)

	# Try to read from variables.tf
	varvl=$(jq -r ".variable.$varnm.default" src/variables.tf)

	if [ -z "$varvl" ] \|\| [ "$varvl" = "null" ]; then
	# If not found, try to read from package.tf
	varvl=$(jq -r ".variable.$varnm.default" src/package.tf)
	if [ -z "$varvl" ] \|\| [ "$varvl" = "null" ]; then
	# If not found, try to read from environment tf file
	varvl=$(jq -r ".variable.$varnm.default" src/$RD_OPTION_ENV.tf)
	if [ -z "$varvl" ] \|\| [ "$varvl" = "null" ]; then
	varvl="unknown:$varnm"
	fi
	fi
	fi

	# Substitute to value
	sed -i "s\|$var\|$varvl\|g" $r
	done

	done
	- description: Dryrun
	errorhandler:
	exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
	script: \|
	#--#--#--# HOME CONFIGURATION #--#--#--#
	prjjail="/var/rundeck/projects/oss-opensource"
	jail="$prjjail/$RD_JOB_EXECID"
	export HOME=$jail

	workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
	cd $workdir
	#--#--#--# HOME CONFIGURATION #--#--#--#

	terraform plan -no-color -var "openshift_url=$OPENSHIFT_URL" -state="state/terraform.tfstate" "iac/src"

	if [ $? != 0 ]; then
	echo "> > > > failed to plan Terraform."
	exit 2
	fi

	# Process native Openshift resources
	for r in `find iac/src -type f -iname '*.yaml'`
	do
	oc create -f "$r" \
	--dry-run=true

	if [ $? != 0 ]; then
	echo "> > > > *failed to plan Openshift resources: $r"
	exit 2
	fi
	done
	- description: Deployment
	errorhandler:
	exec: rm -r /var/rundeck/projects/oss-opensource/$RD_JOB_EXECID
	script: \|
	#--#--#--# HOME CONFIGURATION #--#--#--#
	prjjail="/var/rundeck/projects/oss-opensource"
	jail="$prjjail/$RD_JOB_EXECID"
	export HOME=$jail

	workdir="$prjjail/$RD_OPTION_OPENSHIFT_PROJECT/$RD_OPTION_OPENSHIFT_APP"
	cd $workdir
	#--#--#--# HOME CONFIGURATION #--#--#--#

	terraform apply -no-color -var "openshift_url=$OPENSHIFT_URL" -state="state/terraform.tfstate" "iac/src"

	if [ $? != 0 ]; then
	echo "> > > > failed to apply Terraform."
	exit 1
	fi

	# Process native Openshift resources
	for r in `find iac/src -type f -iname '*.yaml'`
	do
	oc create -f "$r" \
	-n $RD_OPTION_OPENSHIFT_PROJECT \
	\| tee oc-create.log

	if [ $? != 0 ]; then
	state=$(grep -oh 'AlreadyExists' oc-create.log)

	if [ "$state" != "AlreadyExists" ]; then
	echo "> > > > *failed to apply Openshift resources: $r"
	exit 1
	fi
	fi
	done

	rm -r iac
	keepgoing: false
	strategy: node-first
	uuid: 67b0ca39-ea27-4668-9f8a-bb447244508a