Tenant QE account (#840)

redhat-performance · Sep 23, 2024 · 47261fc · 47261fc
1 parent 1134aac
commit 47261fc
Show file tree

Hide file tree

Showing 5 changed files with 187 additions and 15 deletions.
diff --git a/jenkins/tenant/aws/common/run_cost_policies.py b/jenkins/tenant/aws/common/run_cost_policies.py
@@ -2,10 +2,11 @@
 
 access_key = os.environ['access_key']
 secret_key = os.environ['secret_key']
-s3_bucket = os.environ['s3_bucket']
 account_name = os.environ['account_name']
 ES_HOST = os.environ['ES_HOST']
 ES_PORT = os.environ['ES_PORT']
+ES_INDEX = os.environ.get('ES_INDEX', None)
+
 QUAY_CLOUD_GOVERNANCE_REPOSITORY = os.environ.get('QUAY_CLOUD_GOVERNANCE_REPOSITORY',
                                                   'quay.io/cloud-governance/cloud-governance')
 
@@ -14,6 +15,10 @@
 cost_metric = 'UnblendedCost'  # UnblendedCost/BlendedCost
 granularity = 'DAILY'  # DAILY/MONTHLY/HOURLY
 cost_explorer_index = 'cloud-governance-haim-cost-explorer-global-index'
+
+# Set es_index if given
+env_es_index = f'-e es_index="{ES_INDEX}"' if ES_INDEX else f'-e es_index="{cost_explorer_index}"'
+
 os.system(f"""echo "Running the CloudGovernance CostExplorer Policies" """)
 os.system(
-    f"""podman run --rm --name cloud-governance --net="host" -e AWS_DEFAULT_REGION="us-east-1" -e account="{account_name}" -e policy="cost_explorer" -e AWS_ACCESS_KEY_ID="{access_key}" -e AWS_SECRET_ACCESS_KEY="{secret_key}" -e es_host="{ES_HOST}" -e es_port="{ES_PORT}" -e es_index="{cost_explorer_index}" -e cost_explorer_tags="{cost_tags}" -e granularity="{granularity}" -e cost_metric="{cost_metric}" -e log_level="INFO" {QUAY_CLOUD_GOVERNANCE_REPOSITORY}""")
+    f"""podman run --rm --name cloud-governance --net="host" -e AWS_DEFAULT_REGION="us-east-1" -e account="{account_name}" -e policy="cost_explorer" -e AWS_ACCESS_KEY_ID="{access_key}" -e AWS_SECRET_ACCESS_KEY="{secret_key}" -e es_host="{ES_HOST}" {env_es_index} -e es_port="{ES_PORT}"  -e cost_explorer_tags="{cost_tags}" -e granularity="{granularity}" -e cost_metric="{cost_metric}" -e log_level="INFO" {QUAY_CLOUD_GOVERNANCE_REPOSITORY}""")
diff --git a/jenkins/tenant/aws/common/run_policies.py b/jenkins/tenant/aws/common/run_policies.py
@@ -44,19 +44,9 @@ def run_cmd(cmd: str):
     os.system(cmd)
 
 
-def get_container_cmd(env_dict: dict):
-    create_container_envs = lambda item: f'-e {item[0]}="{item[1]}"'
-    env_list = ' '.join(list(map(create_container_envs, env_dict.items())))
-    container_name = "cloud-governance-poc-haim"
-    container_run_cmd = f"""
-podman run --rm --name "{container_name}" --net="host" {env_list}  {QUAY_CLOUD_GOVERNANCE_REPOSITORY}
-"""
-    return container_run_cmd
-
-
 access_key = os.environ['access_key']
 secret_key = os.environ['secret_key']
-s3_bucket = os.environ['s3_bucket']
+s3_bucket = os.environ.get('s3_bucket')
 account_name = os.environ['account_name']
 days_to_delete_resource = os.environ.get('days_to_delete_resource', 14)
 LDAP_HOST_NAME = os.environ['LDAP_HOST_NAME']
@@ -68,6 +58,21 @@ def get_container_cmd(env_dict: dict):
 SPREADSHEET_ID = os.environ['AWS_IAM_USER_SPREADSHEET_ID']
 ADMIN_MAIL_LIST = os.environ.get('ADMIN_MAIL_LIST', '')
 
+# Set es_index if given
+ES_INDEX = os.environ.get('ES_INDEX', None)
+env_es_index = f'-e es_index={ES_INDEX}' if ES_INDEX else ''
+
+
+def get_container_cmd(env_dict: dict):
+    create_container_envs = lambda item: f'-e {item[0]}="{item[1]}"'
+    env_list = ' '.join(list(map(create_container_envs, env_dict.items())))
+    container_name = "cloud-governance-poc-haim"
+    container_run_cmd = f"""
+podman run --rm --name "{container_name}" --net="host" {env_list} {env_es_index} {QUAY_CLOUD_GOVERNANCE_REPOSITORY}
+"""
+    return container_run_cmd
+
+
 policies_in_action = os.environ.get('POLICIES_IN_ACTION', [])
 if isinstance(policies_in_action, str):
     policies_in_action = literal_eval(policies_in_action)
@@ -91,8 +96,9 @@ def get_container_cmd(env_dict: dict):
 
 def run_policies(policies: list, dry_run: str = 'yes'):
     for region in regions:
-        container_env_dict.update({"policy_output": f"s3://{s3_bucket}/{LOGS}/{region}", "AWS_DEFAULT_REGION": region,
-                                   'dry_run': dry_run})
+        if s3_bucket:
+            container_env_dict.update({"policy_output": f"s3://{s3_bucket}/{LOGS}/{region}"})
+        container_env_dict.update({"AWS_DEFAULT_REGION": region, 'dry_run': dry_run})
         for policy in policies:
             container_env_dict.update({"AWS_DEFAULT_REGION": region, 'policy': policy})
             container_cmd = ''

diff --git a/jenkins/tenant/aws/qe/PolicyJenkinsfileDaily b/jenkins/tenant/aws/qe/PolicyJenkinsfileDaily
@@ -0,0 +1,87 @@
+accounts_list = ['redhat-hacbs-dev': "[email protected], [email protected], [email protected], [email protected], [email protected]"]
+pipeline {
+    options {
+        disableConcurrentBuilds()
+    }
+    agent {
+        docker {
+            label 'haim-cloud-governance-worker'
+            image 'quay.io/athiru/fedora38-podman:latest'
+            args  '-u root -v /etc/postfix/main.cf:/etc/postfix/main.cf --privileged'
+        }
+    }
+    environment {
+        QUAY_CLOUD_GOVERNANCE_REPOSITORY = credentials('QUAY_CLOUD_GOVERNANCE_REPOSITORY')
+        AWS_IAM_USER_SPREADSHEET_ID = credentials('cloud-governance-aws-iam-user-spreadsheet-id')
+        GOOGLE_APPLICATION_CREDENTIALS = credentials('cloud-governance-google-application-credentials')
+        LDAP_HOST_NAME = credentials('cloud-governance-ldap-host-name')
+        ES_HOST = credentials('cloud-governance-es-host')
+        ES_PORT = credentials('cloud-governance-es-port')
+        ALERT_DRY_RUN = true
+        contact1 = "[email protected]"
+        contact2 = "[email protected]"
+        // Find the all available policies: https://github.com/redhat-performance/cloud-governance/tree/main/cloud_governance/policy
+        // By default, all policies are running in dry_run="yes" mode and the whole list can be found in run_policies.py
+        // POLICIES_IN_ACTION: Policies that run in the dry_run="no" mode
+        POLICIES_IN_ACTION = '[]'
+    }
+    stages {
+        stage('Checkout') { // Checkout (git clone ...) the projects repository
+           steps {
+                 checkout scm
+           }
+        }
+        stage('Initial Cleanup') {
+            steps {
+                 sh '''if [[ "$(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null)" != "" ]]; then podman rmi -f $(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null); fi'''
+            }
+        }
+        stage('Run Cost Policies') {
+            steps {
+                 script {
+                    for (account in accounts_list.keySet()) {
+                        echo "Running for account ${account.toUpperCase()}"
+                        withCredentials([string(credentialsId: "${account}-aws-access-key-id", variable: 'access_key'),
+                                        string(credentialsId: "${account}-aws-secret-key-id", variable: 'secret_key')]) {
+                        env.account_name = "${account}"
+                        env.ES_INDEX = "cloud-governance-cost-explorer-global-index-tenant-qe"
+                        sh 'python3 jenkins/tenant/aws/common/run_cost_policies.py'
+                                        }
+                    }
+                }
+            }
+        }
+        stage('Run Daily Policies') {
+            steps {
+                 script {
+                    for (account in accounts_list.keySet()) {
+                        echo "Running for account ${account.toUpperCase()}"
+                        withCredentials([string(credentialsId: "${account}-aws-access-key-id", variable: 'access_key'),
+                                        string(credentialsId: "${account}-aws-secret-key-id", variable: 'secret_key')]) {
+                        env.account_name = "${account}"
+                        env.ADMIN_MAIL_LIST = "${accounts_list[account]}"
+                        env.ES_INDEX = "cloud-governance-cost-policy-es-index-tenant-qe"
+                        sh 'python3 jenkins/tenant/aws/common/run_policies.py'
+                                        }
+                    }
+                }
+            }
+        }
+        stage('Finalize Cleanup') {
+            steps {
+                 sh '''if [[ "$(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null)" != "" ]]; then podman rmi -f $(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null); fi'''
+                 deleteDir()
+            }
+        }
+    }
+    post {
+        failure {
+              script {
+                msg = "Build error for ${env.JOB_NAME} ${env.BUILD_NUMBER} (${env.BUILD_URL})"
+                emailext body: """\
+            Jenkins job: ${env.BUILD_URL}\nSee the console output for more details:  ${env.BUILD_URL}consoleFull\n\n
+            """,subject: msg, to: "${contact1}, ${contact2}"
+            }
+          }
+    }
+}
diff --git a/jenkins/tenant/aws/qe/README.md b/jenkins/tenant/aws/qe/README.md
@@ -0,0 +1,13 @@
+### ecoeng_02 - dry_run=no
+
+**POLICIES_IN_ACTION
+** = '[]'
+
+ES_HOST:
+
+- Currently using intlab
+
+Accounts:
+
+1. **redhat-hacbs-dev**: "[email protected], [email protected], [email protected], [email protected], [email protected],
+   [email protected]"
diff --git a/jenkins/tenant/aws/qe/TaggingJenkinsfileHourly b/jenkins/tenant/aws/qe/TaggingJenkinsfileHourly
@@ -0,0 +1,61 @@
+account = ['redhat-hacbs-dev']
+pipeline {
+    options {
+        disableConcurrentBuilds()
+    }
+    agent {
+        docker {
+            label 'haim-cloud-governance-worker'
+            image 'quay.io/athiru/fedora38-podman:latest'
+            args  '-u root -v /etc/postfix/main.cf:/etc/postfix/main.cf --privileged'
+        }
+    }
+    environment {
+        QUAY_CLOUD_GOVERNANCE_REPOSITORY = credentials('QUAY_CLOUD_GOVERNANCE_REPOSITORY')
+        LDAP_HOST_NAME = credentials('cloud-governance-ldap-host-name')
+        contact1 = "[email protected]"
+        contact2 = "[email protected]"
+    }
+    stages {
+        stage('Checkout') { // Checkout (git clone ...) the projects repository
+           steps {
+                 checkout scm
+           }
+        }
+        stage('Initial Cleanup') {
+            steps {
+                 sh '''if [[ "$(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null)" != "" ]]; then podman rmi -f $(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null); fi'''
+            }
+        }
+        stage('Run Tagging Cluster & Non-Cluster') {
+            steps {
+                 script {
+                    for (int i = 0; i < account.size(); ++i) {
+                        echo "Running for account ${account[i].toUpperCase()}"
+                        withCredentials([string(credentialsId: "${account[i]}-aws-access-key-id", variable: 'access_key'),
+                                        string(credentialsId: "${account[i]}-aws-secret-key-id", variable: 'secret_key')]) {
+                        env.account_name = "${account[i]}"
+                        sh 'python3 jenkins/tenant/aws/common/run_tagging.py'
+                                        }
+                    }
+                }
+            }
+        }
+        stage('Finalize Cleanup') {
+            steps {
+                 sh '''if [[ "$(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null)" != "" ]]; then podman rmi -f $(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null); fi'''
+                 deleteDir()
+            }
+        }
+    }
+    post {
+        failure {
+              script {
+                msg = "Build error for ${env.JOB_NAME} ${env.BUILD_NUMBER} (${env.BUILD_URL})"
+                emailext body: """\
+            Jenkins job: ${env.BUILD_URL}\nSee the console output for more details:  ${env.BUILD_URL}consoleFull\n\n
+            """,subject: msg, to: "${contact1}, ${contact2}"
+            }
+          }
+    }
+}