feat(infrastructure): Bring multiapps-controller to CF

ci/Makefile

@@ -3,11 +3,14 @@
 set-autoscaler-pipeline:
 	@./autoscaler/set-pipeline.sh
 
+.PHONY: set-infrastructure-pipeline
+set-infrastructure-pipeline:
+	@./infrastructure/set-pipeline.sh
+
 .PHONY: unpause-pipeline
 unpause-pipeline:
 	@./scripts/unpause-pipeline.sh
 
-
 .PHONY: delete-pipeline
 delete-pipeline:
 	@./scripts/delete-pipeline.sh

ci/autoscaler/scripts/deploy-autoscaler.sh

@@ -1,6 +1,7 @@
 #! /usr/bin/env bash
 # shellcheck disable=SC2086,SC2034,SC2155
 set -euo pipefail
+
 script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 source "${script_dir}/vars.source.sh"
 

ci/infrastructure/pipeline.yml

@@ -9,18 +9,32 @@ groups:
   - bosh-cleanup
   - fetch-latest-stemcell
   - deploy-prometheus
+  - deploy-multiapps-controller
 
 - name: others
   jobs:
   - set-pipeline
 
 resource_types:
-- name: gcs-resource
-  type: registry-image
+- name: file-url
+  type: docker-image
   source:
-    repository: frodenas/gcs-resource
+    repository: pivotalservices/concourse-curl-resource
+    tag: latest
 
 resources:
+- name: multiapps-controller-web-war
+  type: file-url
+  source:
+    url: https://repo.maven.apache.org/maven2/org/cloudfoundry/multiapps/multiapps-controller-web/1.174.0/multiapps-controller-web-1.174.0.war
+    filename: multiapps-controller-web-1.174.0.war
+
+- name: multiapps-controller-web-manifest
+  type: file-url
+  source:
+    url: https://repo.maven.apache.org/maven2/org/cloudfoundry/multiapps/multiapps-controller-web/1.174.0/multiapps-controller-web-1.174.0-manifest.yml
+    filename: multiapps-controller-web-1.174.0-manifest.yml
+
 - name: ci
   type: git
   icon: github
@@ -44,6 +58,19 @@ resources:
     uri: https://github.com/bosh-prometheus/prometheus-boshrelease.git
     branch: master
 
+- name: postgres-repo
+  type: git
+  icon: github
+  source:
+    uri: https://github.com/cloudfoundry/postgres-release.git
+    branch: v52
+
+- name: postgres-release
+  type: bosh-io-release
+  source:
+    repository: cloudfoundry/postgres-release
+    version: v52
+
 - name: bbl-state
   type: git
   icon: github
@@ -240,7 +267,7 @@ jobs:
       vars-files: autoscaler-env-vars-store
     params:
       SYSTEM_DOMAIN: autoscaler.app-runtime-interfaces.ci.cloudfoundry.org
-      OPS_FILES: "operations/cf/scale-to-one-az.yml operations/cf/experimental/add-cflinuxfs4.yml operations/autoscaler/scale_out_cf_for_app-autoscaler.yaml operations/autoscaler/set-cpu-entitlement-per-share.yaml operations/cf/use-compiled-releases.yml operations/autoscaler/enable_mtls.yml operations/prometheus/operators/cf/add-prometheus-uaa-clients.yml operations/prometheus/operators/cf/add-grafana-uaa-clients.yml"
+      OPS_FILES: "operations/cf/scale-to-one-az.yml operations/cf/experimental/add-cflinuxfs4.yml operations/autoscaler/scale_out_cf_for_app-autoscaler.yaml operations/autoscaler/set-cpu-entitlement-per-share.yaml operations/autoscaler/add-trusted-certs.yaml operations/cf/use-compiled-releases.yml operations/autoscaler/enable_mtls.yml operations/prometheus/operators/cf/add-prometheus-uaa-clients.yml operations/prometheus/operators/cf/add-grafana-uaa-clients.yml"
       BOSH_DEPLOY_ARGS: "-v diego_cell_instances=3 -v grafana_redirect_uri=https://grafana.autoscaler.app-runtime-interfaces.ci.cloudfoundry.org/login/generic_oauth"
     ensure:
       put: autoscaler-env-vars-store
@@ -254,4 +281,24 @@ jobs:
     params:
       ERRAND_NAME: smoke-tests
 
-
+- name: deploy-multiapps-controller
+  serial_groups: [infra]
+  public: true
+  build_logs_to_retain: 100
+  plan:
+  - in_parallel:
+    - get: bbl-state
+      trigger: true
+      passed: [setup-infrastructure]
+    - get: ci
+    - get: postgres-repo
+    - get: postgres-release
+    - get: multiapps-controller-web-war
+    - get: multiapps-controller-web-manifest
+  - task: deploy-postgres
+    file: ci/ci/infrastructure/tasks/deploy-postgres.yml
+    params:
+      BBL_GCP_REGION: europe-west3
+      BBL_GCP_ZONE: europe-west3-a
+  - task: deploy-multiapps-controller
+    file: ci/ci/infrastructure/tasks/deploy-multiapps-controller.yml

ci/infrastructure/scripts/deploy-multiapps-controller.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+# shellcheck disable=SC2086
+set -euo pipefail
+
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+source "${script_dir}/vars.source.sh"
+source "${script_dir}/utils.source.sh"
+
+function create_postgres_service() {
+  postgres_username="pgadmin"
+  postgres_database_name="multiapps_controller"
+  postgres_hostname="$(credhub get -n /bosh-autoscaler/postgres/postgres_host_or_ip -q)"
+  postgres_password="$(credhub get -n /bosh-autoscaler/postgres/pgadmin_database_password -q)"
+
+  # delete existing service
+  cf cups deploy-service-database -p "{ \"uri\": \"postgres://${postgres_username}:${postgres_password}@${postgres_hostname}:5524/${postgres_database_name}?ssl=false\", \"username\": \"${postgres_username}\", \"password\": \"${postgres_password}\" }" -t postgres
+}
+
+
+function deploy_multiapps_controller() {
+  app_name=deploy-service
+
+  mv multiapps-controller-web-war/*.war .
+  pushd multiapps-controller-web-manifest
+  cf push -f ./*.yml "${app_name}"
+
+  popd
+}
+
+function add_postrgres_security_group() {
+  postgres_ip="$(credhub get -n /bosh-autoscaler/postgres/postgres_host_or_ip --quiet)"
+
+  security_group_json_path="$(mktemp)"
+  cat <<EOF > "${security_group_json_path}"
+ [
+  {
+    "protocol": "tcp",
+    "destination": "${postgres_ip}/32",
+    "ports": "5524",
+    "description": "allow egress to the internal postgres IP"
+  }
+ ]
+EOF
+
+  cf create-security-group multiapps-postgres-security-group "${security_group_json_path}"
+  cf update-security-group multiapps-postgres-security-group "${security_group_json_path}"
+  cf unbind-security-group multiapps-postgres-security-group ${cf_org} ${cf_space}
+  cf bind-security-group multiapps-postgres-security-group ${cf_org} --space ${cf_space}
+}
+
+function cleanup_multiapps_controller() {
+  cf delete -f multiapps-controller
+  cf delete-service -f deploy-service-database
+}
+
+load_bbl_vars
+cf_login "${system_domain}"
+cleanup_multiapps_controller
+create_postgres_service
+add_postrgres_security_group
+deploy_multiapps_controller

ci/infrastructure/scripts/deploy-postgres.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+# shellcheck disable=SC2086
+set -euo pipefail
+
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+source "${script_dir}/vars.source.sh"
+source "${script_dir}/utils.source.sh"
+
+bosh_deploy_opts=${BOSH_DEPLOY_OPTS:-}
+deployment_name="${DEPLOYMENT_NAME:-postgres}"
+
+release_dir="${POSTGRES_DIR:-$(realpath -e ${root_dir}/../postgres-release)}"
+repo_dir="${REPO_DIR:-$(realpath -e ${root_dir}/../postgres-repo)}"
+deployment_manifest=${DEPLOYMENT_MANIFEST:-"${repo_dir}/templates/postgres.yml"}
+
+release_ops="${repo_dir}/templates/operations"
+ops_files=${OPS_FILES:-"${release_ops}/add_static_ips.yml\
+                       ${ci_dir}/operations/set-postgres-disk.yml\
+                       ${ci_dir}/operations/add-multiapps-databases-to-postgres.yml \
+                       "}
+
+
+
+function deploy () {
+  local ops_files_to_use=""
+  validate_ops_files "${ops_files}"
+
+  for OPS_FILE in ${ops_files}; do
+    ops_files_to_use="${ops_files_to_use} -o ${OPS_FILE}"
+  done
+
+  credhub set -n /bosh-autoscaler/postgres/postgres_host_or_ip -t value -v "10.0.255.2"
+
+  step "Deploying release with name '${deployment_name}' "
+  log "using Ops files: '${ops_files_to_use}'"
+  bosh -n -d "${deployment_name}" \
+    deploy "${deployment_manifest}" \
+    ${ops_files_to_use} \
+    ${bosh_deploy_opts}
+}
+
+load_bbl_vars
+find_or_upload_stemcell_from "${deployment_manifest}"
+
+upload_release "${release_dir}"
+deploy
+

ci/infrastructure/scripts/deploy-prometheus.sh

@@ -13,7 +13,7 @@ uaa_ssl_ca_file="${UAA_SSL_CA_FILE:-$(mktemp)}"
 uaa_ssl_cert_file="${UAA_SSL_CERT_FILE:-$(mktemp)}"
 uaa_ssl_key_file="${UAA_SSL_KEY_FILE:-$(mktemp)}"
 slack_channel="${SLACK_CHANNEL:-cf-dev-autoscaler-alerts}"
-slack_webhook="${SLACK_WEBHOOK}"
+slack_webhook="${SLACK_WEBHOOK:-}"
 prometheus_dir="${PROMETHEUS_DIR:-$(realpath -e ${root_dir}/../prometheus-boshrelease)}"
 deployment_manifest=${DEPLOYMENT_MANIFEST:-"${prometheus_dir}/manifests/prometheus.yml"}
 prometheus_ops="${prometheus_dir}/manifests/operators"

ci/infrastructure/scripts/utils.source.sh

@@ -0,0 +1,87 @@
+
+# shellcheck disable=SC2086
+bosh_upload_stemcell_opts="${BOSH_UPLOAD_STEMCELL_OPTS:-""}"
+
+function find_or_upload_stemcell_from(){
+  deployment_manifest=$1
+  # Determine if we need to upload a stemcell at this point.
+  stemcell_os=$(yq eval '.stemcells[] | select(.alias == "default").os' "${deployment_manifest}")
+  stemcell_version=$(yq eval '.stemcells[] | select(.alias == "default").version' "${deployment_manifest}")
+  stemcell_name="bosh-google-kvm-${stemcell_os}-go_agent"
+
+  if ! bosh stemcells | grep "${stemcell_name}" >/dev/null; then
+    URL="https://bosh.io/d/stemcells/${stemcell_name}"
+    if [ "${stemcell_version}" != "latest" ]; then
+	    URL="${URL}?v=${stemcell_version}"
+    fi
+    wget "$URL" -O stemcell.tgz
+    bosh -n upload-stemcell $bosh_upload_stemcell_opts stemcell.tgz
+  fi
+}
+
+# upload release from a bosh.io resource
+function upload_release(){
+  release_dir=$1
+
+  pushd "${release_dir}" > /dev/null || exit
+    echo "Uploading release from ${release_dir}"
+    echo "Listing files in ${release_dir}:"
+    log "$(ls -1 ./*.tgz)"
+    bosh -n upload-release release.tgz
+  popd > /dev/null || exit
+}
+
+function load_bbl_vars() {
+  if [ -z "${bbl_state_path}" ]; then
+    echo "ERROR: bbl_state_path is not set"
+    exit 1
+  fi
+
+  director_store="${bbl_state_path}/vars/director-vars-store.yml"
+  log "director_store = '${director_store}'"
+  if [[ ! -d ${bbl_state_path} ]]; then
+    echo "FAILED: Did not find bbl-state folder at ${bbl_state_path}"
+    echo "Make sure you have checked out the app-autoscaler-env-bbl-state repository next to the app-autoscaler-release repository to run this target or indicate its location via BBL_STATE_PATH";
+    exit 1;
+  fi
+
+  pushd "${bbl_state_path}" > /dev/null || exit
+    eval "$(bbl print-env)"
+  popd > /dev/null || exit
+}
+
+function validate_ops_files() {
+  local ops_files=$1
+
+  for ops_file in ${ops_files}; do
+    if [ ! -f "${ops_file}" ]; then
+      echo "ERROR: could not find ops file ${ops_file} in ${PWD}"
+      exit 1
+    fi
+  done
+}
+
+function add_var_to_bosh_deploy_opts() {
+  local var_name=$1
+  local var_value=$2
+  bosh_deploy_opts="${bosh_deploy_opts} -v ${var_name}=${var_value}"
+}
+
+function cf_login(){
+  local system_domain=$1
+
+  cf api "https://api.${system_domain}" --skip-ssl-validation
+  CF_ADMIN_PASSWORD=$(credhub get -n /bosh-autoscaler/cf/cf_admin_password -q)
+  cf auth admin "$CF_ADMIN_PASSWORD"
+
+  if [ -n "${CF_ORG}" ]; then
+    cf create-org "${CF_ORG}"
+    cf target -o "${CF_ORG}"
+  fi
+
+  if [ -n "${CF_SPACE}" ]; then
+    cf create-space "${CF_SPACE}"
+    cf target -s "${CF_SPACE}"
+  fi
+}
+

ci/infrastructure/scripts/vars.source.sh

@@ -87,6 +87,14 @@ export BBL_GCP_ZONE="europe-west3-a"
 export bbl_gcp_zone="${BBL_GCP_ZONE}"
 debug "BBL_GCP_ZONE: ${BBL_GCP_ZONE}"
 
+export CF_ORG="system"
+export cf_org="${CF_ORG}"
+debug "CF_ORG: ${CF_ORG}"
+
+export CF_SPACE="production"
+export cf_space="${CF_SPACE}"
+debug "CF_SPACE: ${CF_SPACE}"
+
 function unset_vars() {
   unset BOSH_USERNAME
   unset CI_DIR

ci/infrastructure/tasks/deploy-multiapps-controller.yml

@@ -0,0 +1,17 @@
+---
+platform: linux
+
+image_resource:
+  type: registry-image
+  source:
+    repository: ghcr.io/cloudfoundry/app-autoscaler-release-tools
+    tag: main
+
+inputs:
+- name: bbl-state
+- name: ci
+- name: multiapps-controller-web-war
+- name: multiapps-controller-web-manifest
+
+run:
+  path: ci/ci/infrastructure/scripts/deploy-multiapps-controller.sh

ci/infrastructure/tasks/deploy-postgres.yml

@@ -0,0 +1,20 @@
+---
+platform: linux
+
+image_resource:
+  type: registry-image
+  source:
+    repository: ghcr.io/cloudfoundry/app-autoscaler-release-tools
+    tag: main
+
+params:
+  SLACK_WEBHOOK:
+
+inputs:
+- name: bbl-state
+- name: ci
+- name: postgres-release
+- name: postgres-repo
+
+run:
+  path: ci/ci/infrastructure/scripts/deploy-postgres.sh

ci/operations/add-multiapps-databases-to-postgres.yml

@@ -0,0 +1,19 @@
+- type: replace
+  path: /instance_groups/name=postgres/jobs/name=postgres/properties?/databases/databases/name=sandbox?
+  value:
+    name: multiapps_controller
+    citext: true
+
+- type: replace
+  path: /instance_groups/name=postgres/jobs/name=postgres/properties?/databases/roles/name=pgadmin?
+  value:
+    name: pgadmin
+    password: ((pgadmin_database_password))
+    permissions:
+    - "CONNECTION LIMIT 50"
+
+- type: replace
+  path: /variables?/name=pgadmin_database_password?
+  value:
+    name: pgadmin_database_password
+    type: password