diff --git a/jenkins/tenant/aws/common/run_cost_policies.py b/jenkins/tenant/aws/common/run_cost_policies.py
index 7af0e079..dba179ea 100644
--- a/jenkins/tenant/aws/common/run_cost_policies.py
+++ b/jenkins/tenant/aws/common/run_cost_policies.py
@@ -2,10 +2,11 @@
 access_key = os.environ['access_key']
 secret_key = os.environ['secret_key']
-s3_bucket = os.environ['s3_bucket']
 account_name = os.environ['account_name']
 ES_HOST = os.environ['ES_HOST']
 ES_PORT = os.environ['ES_PORT']
+ES_INDEX = os.environ.get('ES_INDEX', None)
+
 QUAY_CLOUD_GOVERNANCE_REPOSITORY = os.environ.get('QUAY_CLOUD_GOVERNANCE_REPOSITORY', 'quay.io/cloud-governance/cloud-governance')
@@ -14,6 +15,10 @@
 cost_metric = 'UnblendedCost' # UnblendedCost/BlendedCost
 granularity = 'DAILY' # DAILY/MONTHLY/HOURLY
 cost_explorer_index = 'cloud-governance-haim-cost-explorer-global-index'
+
+# Set es_index if given
+env_es_index = f'-e es_index="{ES_INDEX}"' if ES_INDEX else f'-e es_index="{cost_explorer_index}"'
+
 os.system(f"""echo "Running the CloudGovernance CostExplorer Policies" """)
 os.system(
- f"""podman run --rm --name cloud-governance --net="host" -e AWS_DEFAULT_REGION="us-east-1" -e account="{account_name}" -e policy="cost_explorer" -e AWS_ACCESS_KEY_ID="{access_key}" -e AWS_SECRET_ACCESS_KEY="{secret_key}" -e es_host="{ES_HOST}" -e es_port="{ES_PORT}" -e es_index="{cost_explorer_index}" -e cost_explorer_tags="{cost_tags}" -e granularity="{granularity}" -e cost_metric="{cost_metric}" -e log_level="INFO" {QUAY_CLOUD_GOVERNANCE_REPOSITORY}""")
+ f"""podman run --rm --name cloud-governance --net="host" -e AWS_DEFAULT_REGION="us-east-1" -e account="{account_name}" -e policy="cost_explorer" -e AWS_ACCESS_KEY_ID="{access_key}" -e AWS_SECRET_ACCESS_KEY="{secret_key}" -e es_host="{ES_HOST}" {env_es_index} -e es_port="{ES_PORT}" -e cost_explorer_tags="{cost_tags}" -e granularity="{granularity}" -e cost_metric="{cost_metric}" -e log_level="INFO" {QUAY_CLOUD_GOVERNANCE_REPOSITORY}""")
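Review bot: In run_cost_policies.py the new `env_es_index` places the job-supplied `ES_INDEX` inside a string that `os.system` hands to a shell, so a value containing `"`, `$(...)` or backticks would alter the podman command instead of only naming an index. Quote it with `env_es_index = f'-e es_index={shlex.quote(ES_INDEX or cost_explorer_index)}'`, which also collapses the two near-identical f-string branches; this needs `import shlex`, and the import block is outside the hunk. The rewritten `podman run` line still passes `AWS_SECRET_ACCESS_KEY="{secret_key}"` as a command-line argument, where it is readable from the process list while the container runs. Building the command as an argument list for `subprocess.run` and letting podman take the keys from the job environment would address both points.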
diff --git a/jenkins/tenant/aws/common/run_policies.py b/jenkins/tenant/aws/common/run_policies.py
index ba152029..6f79ed98 100644
--- a/jenkins/tenant/aws/common/run_policies.py
+++ b/jenkins/tenant/aws/common/run_policies.py
@@ -44,19 +44,9 @@ def run_cmd(cmd: str):
 os.system(cmd)
-def get_container_cmd(env_dict: dict):
- create_container_envs = lambda item: f'-e {item[0]}="{item[1]}"'
- env_list = ' '.join(list(map(create_container_envs, env_dict.items())))
- container_name = "cloud-governance-poc-haim"
- container_run_cmd = f"""
-podman run --rm --name "{container_name}" --net="host" {env_list} {QUAY_CLOUD_GOVERNANCE_REPOSITORY}
-"""
- return container_run_cmd
-
-
 access_key = os.environ['access_key']
 secret_key = os.environ['secret_key']
-s3_bucket = os.environ['s3_bucket']
+s3_bucket = os.environ.get('s3_bucket')
 account_name = os.environ['account_name']
 days_to_delete_resource = os.environ.get('days_to_delete_resource', 14)
 LDAP_HOST_NAME = os.environ['LDAP_HOST_NAME']
@@ -68,6 +58,21 @@ def get_container_cmd(env_dict: dict):
 SPREADSHEET_ID = os.environ['AWS_IAM_USER_SPREADSHEET_ID']
 ADMIN_MAIL_LIST = os.environ.get('ADMIN_MAIL_LIST', '')
+# Set es_index if given
+ES_INDEX = os.environ.get('ES_INDEX', None)
+env_es_index = f'-e es_index={ES_INDEX}' if ES_INDEX else ''
+
+
+def get_container_cmd(env_dict: dict):
+ create_container_envs = lambda item: f'-e {item[0]}="{item[1]}"'
+ env_list = ' '.join(list(map(create_container_envs, env_dict.items())))
+ container_name = "cloud-governance-poc-haim"
+ container_run_cmd = f"""
+podman run --rm --name "{container_name}" --net="host" {env_list} {env_es_index} {QUAY_CLOUD_GOVERNANCE_REPOSITORY}
+"""
+ return container_run_cmd
+
+
 policies_in_action = os.environ.get('POLICIES_IN_ACTION', [])
 if isinstance(policies_in_action, str):
 policies_in_action = literal_eval(policies_in_action)
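Review bot: In run_policies.py, `env_es_index = f'-e es_index={ES_INDEX}'` puts the value into the podman command with no quoting at all, whereas every other variable goes through `create_container_envs` with double quotes and run_cost_policies.py quotes the same setting. Because `run_cmd` passes the finished string to `os.system`, whitespace or shell metacharacters in `ES_INDEX` would split or change the command. Use `env_es_index = f'-e es_index={shlex.quote(ES_INDEX)}' if ES_INDEX else ''`, with `import shlex` added at the top of the file, which is outside this hunk. `get_container_cmd` now also reads a module global besides its `env_dict` argument, so a docstring such as `"""Build the podman run command from env_dict, appending es_index when ES_INDEX is set."""` would make that dependency visible.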
@@ -91,8 +96,9 @@ def get_container_cmd(env_dict: dict):
 def run_policies(policies: list, dry_run: str = 'yes'):
 for region in regions:
- container_env_dict.update({"policy_output": f"s3://{s3_bucket}/{LOGS}/{region}", "AWS_DEFAULT_REGION": region,
- 'dry_run': dry_run})
+ if s3_bucket:
+ container_env_dict.update({"policy_output": f"s3://{s3_bucket}/{LOGS}/{region}"})
+ container_env_dict.update({"AWS_DEFAULT_REGION": region, 'dry_run': dry_run})
 for policy in policies:
 container_env_dict.update({"AWS_DEFAULT_REGION": region, 'policy': policy})
 container_cmd = ''
diff --git a/jenkins/tenant/aws/qe/PolicyJenkinsfileDaily b/jenkins/tenant/aws/qe/PolicyJenkinsfileDaily
new file mode 100644
index 00000000..6387abde
--- /dev/null
+++ b/jenkins/tenant/aws/qe/PolicyJenkinsfileDaily
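Review bot: In run_policies.py's `run_policies` (hunk `-91,8 +96,9`), an unset `s3_bucket` now skips `policy_output` without any message, so a run that acts on resources with `dry_run="no"` could finish with no stored record of what it did. A line such as `print('s3_bucket is not set; policy_output will not be written')` ahead of the region loop would make the missing audit trail visible in the job console. Indentation is not recoverable on this page, so this assumes the second `container_env_dict.update` sits outside the `if`; that call sets `AWS_DEFAULT_REGION`, which the inner loop sets again on its first line. The function body continues past the end of the hunk.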
@@ -0,0 +1,87 @@
+accounts_list = ['redhat-hacbs-dev': "dbaez@redhat.com, eedri@redhat.com, ilario@redhat.com, xjiang@redhat.com, ebattat@redhat.com"]
+pipeline {
+ options {
+ disableConcurrentBuilds()
+ }
+ agent {
+ docker {
+ label 'haim-cloud-governance-worker'
+ image 'quay.io/athiru/fedora38-podman:latest'
+ args '-u root -v /etc/postfix/main.cf:/etc/postfix/main.cf --privileged'
+ }
+ }
+ environment {
+ QUAY_CLOUD_GOVERNANCE_REPOSITORY = credentials('QUAY_CLOUD_GOVERNANCE_REPOSITORY')
+ AWS_IAM_USER_SPREADSHEET_ID = credentials('cloud-governance-aws-iam-user-spreadsheet-id')
+ GOOGLE_APPLICATION_CREDENTIALS = credentials('cloud-governance-google-application-credentials')
+ LDAP_HOST_NAME = credentials('cloud-governance-ldap-host-name')
+ ES_HOST = credentials('cloud-governance-es-host')
+ ES_PORT = credentials('cloud-governance-es-port')
+ ALERT_DRY_RUN = true
+ contact1 = "ebattat@redhat.com"
+ contact2 = "athiruma@redhat.com"
+ // Find the all available policies: https://github.com/redhat-performance/cloud-governance/tree/main/cloud_governance/policy
+ // By default, all policies are running in dry_run="yes" mode and the whole list can be found in run_policies.py
+ // POLICIES_IN_ACTION: Policies that run in the dry_run="no" mode
+ POLICIES_IN_ACTION = '[]'
+ }
+ stages {
+ stage('Checkout') { // Checkout (git clone ...) the projects repository
+ steps {
+ checkout scm
+ }
+ }
+ stage('Initial Cleanup') {
+ steps {
+ sh '''if [[ "$(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null)" != "" ]]; then podman rmi -f $(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null); fi'''
+ }
+ }
+ stage('Run Cost Policies') {
+ steps {
+ script {
+ for (account in accounts_list.keySet()) {
+ echo "Running for account ${account.toUpperCase()}"
+ withCredentials([string(credentialsId: "${account}-aws-access-key-id", variable: 'access_key'),
+ string(credentialsId: "${account}-aws-secret-key-id", variable: 'secret_key')]) {
+ env.account_name = "${account}"
+ env.ES_INDEX = "cloud-governance-cost-explorer-global-index-tenant-qe"
+ sh 'python3 jenkins/tenant/aws/common/run_cost_policies.py'
+ }
+ }
+ }
+ }
+ }
+ stage('Run Daily Policies') {
+ steps {
+ script {
+ for (account in accounts_list.keySet()) {
+ echo "Running for account ${account.toUpperCase()}"
+ withCredentials([string(credentialsId: "${account}-aws-access-key-id", variable: 'access_key'),
+ string(credentialsId: "${account}-aws-secret-key-id", variable: 'secret_key')]) {
+ env.account_name = "${account}"
+ env.ADMIN_MAIL_LIST = "${accounts_list[account]}"
+ env.ES_INDEX = "cloud-governance-cost-policy-es-index-tenant-qe"
+ sh 'python3 jenkins/tenant/aws/common/run_policies.py'
+ }
+ }
+ }
+ }
+ }
+ stage('Finalize Cleanup') {
+ steps {
+ sh '''if [[ "$(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null)" != "" ]]; then podman rmi -f $(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null); fi'''
+ deleteDir()
+ }
+ }
+ }
+ post {
+ failure {
+ script {
+ msg = "Build error for ${env.JOB_NAME} ${env.BUILD_NUMBER} (${env.BUILD_URL})"
+ emailext body: """\
+ Jenkins job: ${env.BUILD_URL}\nSee the console output for more details: ${env.BUILD_URL}consoleFull\n\n
+ """,subject: msg, to: "${contact1}, ${contact2}"
+ }
+ }
+ }
+}
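Review bot: The `agent` block in PolicyJenkinsfileDaily runs the build container as root with `--privileged` from `quay.io/athiru/fedora38-podman:latest`, a mutable tag, and that container is where the AWS keys, LDAP host and Google credentials are bound, so any change to the image behind that tag runs with those secrets. Pin the image by digest, e.g. `image 'quay.io/athiru/fedora38-podman@sha256:<DIGEST_PLACEHOLDER>'`, and check whether nested podman works here with narrower options than `--privileged`. TaggingJenkinsfileHourly in this commit carries the same agent block. Separately, `env.account_name` and `env.ES_INDEX` are assigned on the global `env` inside the loops and therefore persist into later stages; wrapping the `sh` step in `withEnv([...])` would scope them to the step that needs them.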
diff --git a/jenkins/tenant/aws/qe/README.md b/jenkins/tenant/aws/qe/README.md
new file mode 100644
index 00000000..448ad6a6
--- /dev/null
+++ b/jenkins/tenant/aws/qe/README.md
@@ -0,0 +1,13 @@
+### ecoeng_02 - dry_run=no
+
+**POLICIES_IN_ACTION
+** = '[]'
+
+ES_HOST:
+
+- Currently using intlab
+
+Accounts:
+
+1. **redhat-hacbs-dev**: "dbaez@redhat.com, eedri@redhat.com, ilario@redhat.com, xjiang@redhat.com, ebattat@redhat.com,
+ hhalbfin@redhat.com"
diff --git a/jenkins/tenant/aws/qe/TaggingJenkinsfileHourly b/jenkins/tenant/aws/qe/TaggingJenkinsfileHourly
new file mode 100644
index 00000000..73fcccf4
--- /dev/null
+++ b/jenkins/tenant/aws/qe/TaggingJenkinsfileHourly
@@ -0,0 +1,61 @@
+account = ['redhat-hacbs-dev']
+pipeline {
+ options {
+ disableConcurrentBuilds()
+ }
+ agent {
+ docker {
+ label 'haim-cloud-governance-worker'
+ image 'quay.io/athiru/fedora38-podman:latest'
+ args '-u root -v /etc/postfix/main.cf:/etc/postfix/main.cf --privileged'
+ }
+ }
+ environment {
+ QUAY_CLOUD_GOVERNANCE_REPOSITORY = credentials('QUAY_CLOUD_GOVERNANCE_REPOSITORY')
+ LDAP_HOST_NAME = credentials('cloud-governance-ldap-host-name')
+ contact1 = "ebattat@redhat.com"
+ contact2 = "athiruma@redhat.com"
+ }
+ stages {
+ stage('Checkout') { // Checkout (git clone ...) the projects repository
+ steps {
+ checkout scm
+ }
+ }
+ stage('Initial Cleanup') {
+ steps {
+ sh '''if [[ "$(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null)" != "" ]]; then podman rmi -f $(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null); fi'''
+ }
+ }
+ stage('Run Tagging Cluster & Non-Cluster') {
+ steps {
+ script {
+ for (int i = 0; i < account.size(); ++i) {
+ echo "Running for account ${account[i].toUpperCase()}"
+ withCredentials([string(credentialsId: "${account[i]}-aws-access-key-id", variable: 'access_key'),
+ string(credentialsId: "${account[i]}-aws-secret-key-id", variable: 'secret_key')]) {
+ env.account_name = "${account[i]}"
+ sh 'python3 jenkins/tenant/aws/common/run_tagging.py'
+ }
+ }
+ }
+ }
+ }
+ stage('Finalize Cleanup') {
+ steps {
+ sh '''if [[ "$(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null)" != "" ]]; then podman rmi -f $(podman images -q ${QUAY_CLOUD_GOVERNANCE_REPOSITORY} 2> /dev/null); fi'''
+ deleteDir()
+ }
+ }
+ }
+ post {
+ failure {
+ script {
+ msg = "Build error for ${env.JOB_NAME} ${env.BUILD_NUMBER} (${env.BUILD_URL})"
+ emailext body: """\
+ Jenkins job: ${env.BUILD_URL}\nSee the console output for more details: ${env.BUILD_URL}consoleFull\n\n
+ """,subject: msg, to: "${contact1}, ${contact2}"
+ }
+ }
+ }
+}