backport of commit 9afd5e52ae31d6c3b7ab6833836647392bb318e6 (#23478)
Co-authored-by: Ryan Cragun <me@ryan.ec>
This commit is contained in:
parent
92997859cd
commit
7624576e39
|
@ -128,16 +128,15 @@ jobs:
|
||||||
- if: contains(inputs.sample-name, 'ent')
|
- if: contains(inputs.sample-name, 'ent')
|
||||||
name: Configure Vault license
|
name: Configure Vault license
|
||||||
run: echo "${{ secrets.VAULT_LICENSE }}" > ./enos/support/vault.hclic || true
|
run: echo "${{ secrets.VAULT_LICENSE }}" > ./enos/support/vault.hclic || true
|
||||||
- name: Run Enos scenario
|
- id: launch
|
||||||
id: run
|
name: enos scenario launch ${{ matrix.scenario.id.filter }}
|
||||||
# Continue once and retry to handle occasional blips when creating
|
# Continue once and retry to handle occasional blips when creating infrastructure.
|
||||||
# infrastructure.
|
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
run: enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.scenario.id.filter }}
|
run: enos scenario launch --timeout 60m0s --chdir ./enos ${{ matrix.scenario.id.filter }}
|
||||||
- name: Retry Enos scenario if necessary
|
- if: steps.launch.outcome == 'failure'
|
||||||
id: run_retry
|
id: launch_retry
|
||||||
if: steps.run.outcome == 'failure'
|
name: Retry enos scenario launch ${{ matrix.scenario.id.filter }}
|
||||||
run: enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.scenario.id.filter }}
|
run: enos scenario launch --timeout 60m0s --chdir ./enos ${{ matrix.scenario.id.filter }}
|
||||||
- name: Upload Debug Data
|
- name: Upload Debug Data
|
||||||
if: failure()
|
if: failure()
|
||||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||||
|
@ -147,11 +146,14 @@ jobs:
|
||||||
path: ${{ env.ENOS_DEBUG_DATA_ROOT_DIR }}
|
path: ${{ env.ENOS_DEBUG_DATA_ROOT_DIR }}
|
||||||
retention-days: 30
|
retention-days: 30
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
- name: Ensure scenario has been destroyed
|
- if: ${{ always() }}
|
||||||
id: destroy
|
id: destroy
|
||||||
if: ${{ always() }}
|
name: enos scenario destroy ${{ matrix.scenario.id.filter }}
|
||||||
# With Enos version 0.0.11 the destroy step returns an error if the infrastructure
|
continue-on-error: true
|
||||||
# is already destroyed by enos run. So temporarily setting it to continue on error in GHA
|
run: enos scenario destroy --timeout 60m0s --chdir ./enos ${{ matrix.scenario.id.filter }}
|
||||||
|
- if: steps.destroy.outcome == 'failure'
|
||||||
|
id: destroy_retry
|
||||||
|
name: Retry enos scenario destroy ${{ matrix.scenario.id.filter }}
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
run: enos scenario destroy --timeout 60m0s --chdir ./enos ${{ matrix.scenario.id.filter }}
|
run: enos scenario destroy --timeout 60m0s --chdir ./enos ${{ matrix.scenario.id.filter }}
|
||||||
- name: Clean up Enos runtime directories
|
- name: Clean up Enos runtime directories
|
||||||
|
@ -162,28 +164,34 @@ jobs:
|
||||||
rm -rf /tmp/enos*
|
rm -rf /tmp/enos*
|
||||||
rm -rf ./enos/support
|
rm -rf ./enos/support
|
||||||
rm -rf ./enos/.enos
|
rm -rf ./enos/.enos
|
||||||
# Send a Slack notification to #feed-vault-enos-failures if the 'run' step fails.
|
# Send slack notifications to #feed-vault-enos-failures any of our enos scenario commands fail.
|
||||||
# There is an incoming webhook set up on the "Enos Vault Failure Bot" Slackbot https://api.slack.com/apps/A05E31CH1LG/incoming-webhooks
|
# There is an incoming webhook set up on the "Enos Vault Failure Bot" Slackbot:
|
||||||
- name: Send Slack notification on Enos run failure
|
# https://api.slack.com/apps/A05E31CH1LG/incoming-webhooks
|
||||||
|
- if: ${{ always() && ! cancelled() }}
|
||||||
|
name: Notify launch failed
|
||||||
uses: hashicorp/actions-slack-status@v1
|
uses: hashicorp/actions-slack-status@v1
|
||||||
if: ${{ always() && ! cancelled() }}
|
|
||||||
with:
|
with:
|
||||||
failure-message: "An Enos scenario `run` failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`"
|
failure-message: "enos scenario launch ${{ matrix.scenario.id.filter}} failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`"
|
||||||
status: ${{ steps.run.outcome }}
|
status: ${{ steps.launch.outcome }}
|
||||||
slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
|
slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||||
# Send a Slack notification to #feed-vault-enos-failures if the 'run_retry' step fails.
|
- if: ${{ always() && ! cancelled() }}
|
||||||
- name: Send Slack notification on Enos run_retry failure
|
name: Notify retry launch failed
|
||||||
uses: hashicorp/actions-slack-status@v1
|
uses: hashicorp/actions-slack-status@v1
|
||||||
if: ${{ always() && ! cancelled() }}
|
|
||||||
with:
|
with:
|
||||||
failure-message: "An Enos scenario `run_retry` failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`"
|
failure-message: "retry enos scenario launch ${{ matrix.scenario.id.filter}} failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`"
|
||||||
status: ${{ steps.run_retry.outcome }}
|
status: ${{ steps.launch_retry.outcome }}
|
||||||
slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
|
slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||||
# Send a Slack notification to #feed-vault-enos-failures if the 'destroy' step fails.
|
- if: ${{ always() && ! cancelled() }}
|
||||||
- name: Send Slack notification on Enos destroy failure
|
name: Notify destroy failed
|
||||||
uses: hashicorp/actions-slack-status@v1
|
uses: hashicorp/actions-slack-status@v1
|
||||||
if: ${{ always() && ! cancelled() }}
|
|
||||||
with:
|
with:
|
||||||
failure-message: "An Enos scenario `destroy` failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`"
|
failure-message: "enos scenario destroy ${{ matrix.scenario.id.filter}} failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`"
|
||||||
status: ${{ steps.destroy.outcome }}
|
status: ${{ steps.destroy.outcome }}
|
||||||
slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
|
slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||||
|
- if: ${{ always() && ! cancelled() }}
|
||||||
|
name: Notify retry destroy failed
|
||||||
|
uses: hashicorp/actions-slack-status@v1
|
||||||
|
with:
|
||||||
|
failure-message: "retry enos scenario destroy ${{ matrix.scenario.id.filter}} failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`"
|
||||||
|
status: ${{ steps.destroy_retry.outcome }}
|
||||||
|
slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||||
|
|
|
@ -446,6 +446,7 @@ scenario "replication" {
|
||||||
module = module.vault_setup_perf_primary
|
module = module.vault_setup_perf_primary
|
||||||
depends_on = [
|
depends_on = [
|
||||||
step.get_primary_cluster_ips,
|
step.get_primary_cluster_ips,
|
||||||
|
step.get_secondary_cluster_ips,
|
||||||
step.write_test_data_on_primary
|
step.write_test_data_on_primary
|
||||||
]
|
]
|
||||||
|
|
||||||
|
@ -811,6 +812,11 @@ scenario "replication" {
|
||||||
value = step.create_secondary_cluster.root_token
|
value = step.create_secondary_cluster.root_token
|
||||||
}
|
}
|
||||||
|
|
||||||
|
output "performance_secondary_token" {
|
||||||
|
description = "The performance secondary replication token"
|
||||||
|
value = step.generate_secondary_token.secondary_token
|
||||||
|
}
|
||||||
|
|
||||||
output "remaining_hosts" {
|
output "remaining_hosts" {
|
||||||
description = "The Vault cluster primary hosts after removing the leader and follower"
|
description = "The Vault cluster primary hosts after removing the leader and follower"
|
||||||
value = step.get_remaining_hosts_replication_data.remaining_hosts
|
value = step.get_remaining_hosts_replication_data.remaining_hosts
|
||||||
|
|
|
@ -25,13 +25,15 @@ while :; do
|
||||||
# Vault >= 1.10.x has the operator members. If we have that then we'll use it.
|
# Vault >= 1.10.x has the operator members. If we have that then we'll use it.
|
||||||
if $binpath operator -h 2>&1 | grep members &> /dev/null; then
|
if $binpath operator -h 2>&1 | grep members &> /dev/null; then
|
||||||
# Get the folllowers that are part of our private ips.
|
# Get the folllowers that are part of our private ips.
|
||||||
if followers=$($binpath operator members -format json | jq --argjson expected "$VAULT_INSTANCE_PRIVATE_IPS" -c '.Nodes | map(select(any(.; .active_node==false)) | .api_address | scan("[0-9]+.[0-9]+.[0-9]+.[0-9]+")) as $followers | $expected - ($expected - $followers)'); then
|
if members=$($binpath operator members -format json); then
|
||||||
|
if followers=$(echo "$members" | jq --argjson expected "$VAULT_INSTANCE_PRIVATE_IPS" -c '.Nodes | map(select(any(.; .active_node==false)) | .api_address | scan("[0-9]+.[0-9]+.[0-9]+.[0-9]+")) as $followers | $expected - ($expected - $followers)'); then
|
||||||
# Make sure that we got all the followers
|
# Make sure that we got all the followers
|
||||||
if jq --argjson expected "$VAULT_INSTANCE_PRIVATE_IPS" --argjson followers "$followers" -ne '$expected | length as $el | $followers | length as $fl | $fl == $el-1' > /dev/null; then
|
if jq --argjson expected "$VAULT_INSTANCE_PRIVATE_IPS" --argjson followers "$followers" -ne '$expected | length as $el | $followers | length as $fl | $fl == $el-1' > /dev/null; then
|
||||||
echo "$followers"
|
echo "$followers"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
# We're using an old version of vault so we'll just return ips that don't match the leader.
|
# We're using an old version of vault so we'll just return ips that don't match the leader.
|
||||||
# Get the public ip addresses of the followers
|
# Get the public ip addresses of the followers
|
||||||
|
|
Loading…
Reference in New Issue