Wpb 17321 enable demo cd

.github/workflows/deploy-wiab.yml

@@ -1,3 +1,5 @@
+# This playbook is not-up-to-date, requires to be updated to match with current developments
+# A new WIAB (wire in a box) dev solution has been created https://docs.wire.com/latest/how-to/install/demo-wiab.html and can be used until this (wiab-staging) gets updated
 name: Deploy on Hetzner WIAB setup
 on:
   workflow_run:

.github/workflows/offline.yml

@@ -201,6 +201,23 @@ jobs:
           AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
           AWS_REGION: "eu-west-1"
 
+      - name: Install terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "^1.3.7"
+          terraform_wrapper: false
+
+      - name: Deploy offline demo-wiab environment to hetzner
+        run: ./offline/cd_demo.sh
+        env:
+          HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
+
+      - name: Clean up hetzner wiab environment; just in case
+        if: always()
+        run: (cd terraform/examples/wiab-demo-hetzner ; terraform init && terraform destroy -auto-approve)
+        env:
+          HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
+
       - name: Cleanup demo build assets
         run: rm -rf offline/demo-build/output/
 

ansible/hetzner-single-deploy.yml

@@ -1,3 +1,5 @@
+# This playbook is not-up-to-date, requires to be updated to match with current developments
+# A new WIAB (wire in a box) dev solution has been created https://docs.wire.com/latest/how-to/install/demo-wiab.html and can be used until this (wiab-staging) gets updated
 - hosts: all
   become: true
   vars:

bin/autodeploy.sh

@@ -1,4 +1,7 @@
 #!/usr/bin/env bash
+# This script is not-up-to-date, requires to be updated to match with current developments
+# A new WIAB (wire in a box) dev solution has been created https://docs.wire.com/latest/how-to/install/demo-wiab.html and can be used until this (wiab-staging) gets updated
+
 # shellcheck disable=SC2087
 
 # This script can be replaced with a simpler solution of wiab-demo installtion

changelog.d/3-deploy-builds/cd-demo-wiab

@@ -0,0 +1,2 @@
+Added: enable cd-demo.sh to verify the demo-wiab builds
+Changed: add a note in old demo-staging playbooks and scripts that they aren't up-to-date and to also check demo-wiab

offline/cd_demo.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+CD_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+TF_DIR="${CD_DIR}/../terraform/examples/wiab-demo-hetzner"
+# shellcheck disable=SC2034  # May be used in future versions
+BIN_DIR="${CD_DIR}/../bin"
+# shellcheck disable=SC2034  # May be used in future versions
+ARTIFACTS_DIR="${CD_DIR}/demo-build/output"
+ANSIBLE_DIR="${CD_DIR}/../ansible"
+INVENTORY_DIR="${ANSIBLE_DIR}/inventory/demo"
+INVENTORY_FILE="${INVENTORY_DIR}/host.yml"
+TEST_USER="demo"
+COMMIT_HASH="${GITHUB_SHA}"
+
+function cleanup {
+  (cd "$TF_DIR" && terraform destroy -auto-approve)
+  echo "done"
+}
+
+trap cleanup EXIT
+
+cd "$TF_DIR"
+terraform init && terraform apply -auto-approve
+
+host=$(terraform output -raw host)
+ssh_private_key=$(terraform output ssh_private_key)
+
+rm -f "${INVENTORY_DIR}/ssh_private_key" || true
+echo "$ssh_private_key" > "${INVENTORY_DIR}/ssh_private_key"
+chmod 400 "${INVENTORY_DIR}/ssh_private_key"
+
+# clean old host verification keys to avoid SSH issues
+ssh-keygen -R "$host" || true
+
+# create demo user on the remote host
+ssh -v -oStrictHostKeyChecking=accept-new -oConnectionAttempts=10 -i "${INVENTORY_DIR}/ssh_private_key" "root@$host" \
+"useradd -m -s /bin/bash ${TEST_USER} && \
+usermod -aG sudo ${TEST_USER} && \
+mkdir -p /home/${TEST_USER}/.ssh && \
+cp /root/.ssh/authorized_keys /home/${TEST_USER}/.ssh/ && \
+chown -R ${TEST_USER}:${TEST_USER} /home/${TEST_USER}/.ssh && \
+chmod 700 /home/${TEST_USER}/.ssh && \
+chmod 600 /home/${TEST_USER}/.ssh/authorized_keys && \
+echo '${TEST_USER} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/${TEST_USER}"
+
+# update inventory file with host details
+yq eval -i ".wiab.hosts.deploy_node.ansible_host = \"$host\"" "${INVENTORY_FILE}"
+yq eval -i ".wiab.hosts.deploy_node.ansible_ssh_private_key_file = \"${INVENTORY_DIR}/ssh_private_key\"" "${INVENTORY_FILE}"
+yq eval -i ".wiab.vars.artifact_hash = \"$COMMIT_HASH\"" "${INVENTORY_FILE}"
+yq eval -i ".wiab.hosts.deploy_node.ansible_user = \"$TEST_USER\"" "${INVENTORY_FILE}"
+
+echo "Running ansible playbook deploy_wiab.yml against node $host"
+# deploying demo-wiab
+ansible-playbook -i "${INVENTORY_FILE}" "${ANSIBLE_DIR}/wiab-demo/deploy_wiab.yml" --skip-tags verify_dns,cert_manager_networking
+# cleaning demo-wiab
+ansible-playbook -i "${INVENTORY_FILE}" "${ANSIBLE_DIR}/wiab-demo/clean_cluster.yml" --tags remove_minikube,remove_artifacts,remove_packages,remove_iptables,remove_ssh
+
+cleanup

terraform/examples/wiab-demo-hetzner/.envrc

@@ -0,0 +1,5 @@
+[[ -f .envrc.local ]] && source_env .envrc.local
+# You can set this in .envrc.local to keep it out of VCS
+export HCLOUD_TOKEN
+source_up
+

terraform/examples/wiab-demo-hetzner/README.md

@@ -0,0 +1,4 @@
+# WiaB-demo-hetzner
+
+This environment is set up and destroyed on demand to test our demo-wiab solution. It will be used to provide an Ubuntu system for the demo. 
+https://docs.wire.com/latest/how-to/install/demo-wiab.html#installation-guide

terraform/examples/wiab-demo-hetzner/main.tf

@@ -0,0 +1,42 @@
+locals {
+  # Server type preferences with fallbacks
+  preferred_server_types = {
+    size = ["cx53", "cpx62"]  }
+}
+
+# Get available server types in the specified location
+data "hcloud_server_types" "available" {
+}
+
+# Helper locals to select available server types
+locals {
+  available_server_type_names = [for st in data.hcloud_server_types.available.server_types : st.name]
+
+  # Select the first available server type from the preference list
+  server_type = [
+    for preferred in local.preferred_server_types.size :
+    preferred if contains(local.available_server_type_names, preferred)
+  ][0]
+}
+
+resource "random_pet" "host" {
+}
+
+resource "tls_private_key" "host" {
+  algorithm   = "ECDSA"
+  ecdsa_curve = "P256"
+}
+
+resource "hcloud_ssh_key" "host" {
+  name       = "host-${random_pet.host.id}"
+  public_key = tls_private_key.host.public_key_openssh
+}
+
+resource "hcloud_server" "host" {
+  location    = "fsn1"
+  name        = "host-${random_pet.host.id}"
+  image       = "ubuntu-24.04"
+  ssh_keys    = [hcloud_ssh_key.host.name]
+  server_type = local.server_type
+
+}

terraform/examples/wiab-demo-hetzner/outputs.tf

@@ -0,0 +1,16 @@
+output "ssh_private_key" {
+  sensitive = true
+  value = tls_private_key.host.private_key_pem
+}
+
+output "selected_server_types" {
+  description = "Server types selected after checking availability"
+  value = {
+    server_type = local.server_type
+  }
+}
+
+output "host" {
+  sensitive = true
+  value = hcloud_server.host.ipv4_address
+}

terraform/examples/wiab-demo-hetzner/versions.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    hcloud = {
+      source = "hetznercloud/hcloud"
+    }
+  }
+  required_version = "~> 1.1"
+}