-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathconfig.xml
More file actions
227 lines (205 loc) · 9.14 KB
/
config.xml
File metadata and controls
227 lines (205 loc) · 9.14 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
<?xml version='1.1' encoding='UTF-8'?>
<project>
<actions/>
<description>This would be cleaner and more portable if it was a python script that check for initialization.</description>
<keepDependencies>false</keepDependencies>
<properties>
<hudson.model.ParametersDefinitionProperty>
<parameterDefinitions>
<hudson.model.StringParameterDefinition>
<name>target_stack</name>
<trim>false</trim>
</hudson.model.StringParameterDefinition>
<hudson.model.StringParameterDefinition>
<name>git_hash</name>
<trim>false</trim>
</hudson.model.StringParameterDefinition>
</parameterDefinitions>
</hudson.model.ParametersDefinitionProperty>
</properties>
<scm class="hudson.plugins.git.GitSCM" plugin="git@5.2.0">
<configVersion>2</configVersion>
<userRemoteConfigs>
<hudson.plugins.git.UserRemoteConfig>
<url>${infrastructure_git_repo}</url>
</hudson.plugins.git.UserRemoteConfig>
</userRemoteConfigs>
<branches>
<hudson.plugins.git.BranchSpec>
<name>${git_hash}</name>
</hudson.plugins.git.BranchSpec>
</branches>
<doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
<submoduleCfg class="empty-list"/>
<extensions/>
</scm>
<canRoam>true</canRoam>
<disabled>false</disabled>
<blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
<blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
<triggers/>
<concurrentBuild>false</concurrentBuild>
<builders>
<hudson.tasks.Shell>
<command>#!/bin/bash
set -e
# Source folder containing the scripts
source_scripts_folder="${JENKINS_HOME}/workspace/Bash_Functions/"
ls -la "$source_scripts_folder"
# Iterate through the files in the folder and source them
for script_file in "$source_scripts_folder"*.sh; do
chmod +x "$script_file"
if [ -f "$script_file" ] && [ -x "$script_file" ]; then
echo "sourcing $script_file"
source "$script_file"
fi
done
cd app-infrastructure
aws s3 cp s3://$stack_s3_bucket/deployment_state_metadata/${target_stack}/terraform.tfstate .
terraform init
output_names=$(terraform output -json | jq -r 'keys[]')
echo "Output names: $output_names"
falcon_check_failed=false
for output_name in $output_names; do
reset_role
assume_role
echo "Current instance: ${output_name}."
INSTANCE_ID=`terraform output "${output_name}"`
# Skip if the instance ID is empty or is not a valid instance-id
if [ -z "$INSTANCE_ID" ] || ! [[ "$INSTANCE_ID" =~ ^i-[a-fA-F0-9]{17}$ ]]; then
echo "No instance ID for output ${output_name}. Skipping..."
continue
fi
echo "Instance-id is $INSTANCE_ID"
aws --region=us-east-1 ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCE_ID}"
while [ $(aws --region=us-east-1 ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCE_ID}" | grep InitComplete | wc -l ) -eq 0 ]; do
# avoid role timeout by assuming role continously
reset_role
assume_role
echo "${output_name} EC2 still initializing"
sleep 60
done
echo "${output_name} EC2 Initialization Complete"
# Verify CrowdStrike Falcon Sensor is running and connected
echo "Checking CrowdStrike Falcon Sensor status on ${output_name} (${INSTANCE_ID})..."
falcon_command_json=$(jq -n '{commands: ["sudo systemctl status falcon-sensor.service"]}')
falcon_command_id=$(aws ssm send-command \
--instance-ids "${INSTANCE_ID}" \
--document-name "AWS-RunShellScript" \
--comment "Check CrowdStrike Falcon Sensor status" \
--parameters "$falcon_command_json" \
--query "Command.CommandId" \
--output text)
# Wait for the command to complete (timeout after 30 attempts / ~150 seconds)
falcon_max_attempts=10
falcon_attempt=0
while true; do
falcon_attempt=$((falcon_attempt + 1))
if [[ ${falcon_attempt} -gt ${falcon_max_attempts} ]]; then
echo "ERROR: Timed out waiting for Falcon Sensor status check on ${output_name} (${INSTANCE_ID}) after ${falcon_max_attempts} attempts."
falcon_check_failed=true
break
fi
falcon_status=$(aws ssm get-command-invocation --command-id ${falcon_command_id} --instance-id ${INSTANCE_ID} --query 'Status' --output text)
if [[ "${falcon_status}" == "Success" ]]; then
break
elif [[ "${falcon_status}" == "Failed" || "${falcon_status}" == "Cancelled" || "${falcon_status}" == "TimedOut" ]]; then
echo "ERROR: Failed to check Falcon Sensor on ${output_name} (${INSTANCE_ID}). Command status: ${falcon_status}"
aws ssm get-command-invocation --command-id ${falcon_command_id} --instance-id ${INSTANCE_ID} --query 'StandardErrorContent' --output text
falcon_check_failed=true
break
else
echo "Waiting for Falcon Sensor status check... (${falcon_status}) [attempt ${falcon_attempt}/${falcon_max_attempts}]"
sleep 5
fi
done
falcon_output=$(aws ssm get-command-invocation --command-id ${falcon_command_id} --instance-id ${INSTANCE_ID} --query 'StandardOutputContent' --output text)
echo "$falcon_output"
# Verify the sensor is active and connected
if ! echo "$falcon_output" | grep -q "Active: active (running)"; then
echo "ERROR: CrowdStrike Falcon Sensor is NOT running on ${output_name} (${INSTANCE_ID})"
falcon_check_failed=true
elif ! echo "$falcon_output" | grep -q "ConnectToCloud successful"; then
echo "WARNING: CrowdStrike Falcon Sensor may not be connected to cloud on ${output_name} (${INSTANCE_ID})"
falcon_check_failed=true
else
echo "CrowdStrike Falcon Sensor verified on ${output_name} (${INSTANCE_ID})"
fi
done
if [[ "$falcon_check_failed" == "true" ]]; then
echo "One or more instances failed the CrowdStrike Falcon Sensor check. Marking build as unstable."
exit 2
fi
</command>
<configuredLocalRules/>
<unstableReturn>2</unstableReturn>
</hudson.tasks.Shell>
<hudson.tasks.Shell>
<command># json tag schema. Used to uniquely identify a projects staging instances.
cat <<EOF > staging_httpd_tags_file.json
[
{
"Name": "tag:Stack",
"Values": ["$target_stack"]
},
{
"Name": "tag:Node",
"Values": ["HTTPD"]
},
{
"Name": "tag:Project",
"Values": ["$env_project"]
}
]
EOF</command>
<configuredLocalRules/>
</hudson.tasks.Shell>
<hudson.tasks.Shell>
<command>#!/bin/bash
# Source folder containing the scripts
source_scripts_folder="${JENKINS_HOME}/workspace/Bash_Functions/"
ls -la "$source_scripts_folder"
# Iterate through the files in the folder and source them
for script_file in "$source_scripts_folder"*.sh; do
chmod +x "$script_file"
if [ -f "$script_file" ] && [ -x "$script_file" ]; then
echo "sourcing $script_file"
source "$script_file"
fi
done
cd "$WORKSPACE"
assume_role
# register new deployment to staging ( register green )
echo "registering new deployment to staging ( register green )"
target_group_vpc=$(get_target_group_vpc_by_tg_name $staging_tg_name)
staging_target_group_arn=$(get_target_group_arn_by_name "$staging_tg_name")
staging_httpd_instance_prv_ips=($(get_private_ip_by_tags "staging_httpd_tags_file.json"))
if [ -z "${staging_httpd_instance_prv_ips}" ]; then
echo "No private IPs found when registering target groups."
echo "Ensure nodes have been created with proper tags for Node,Project and Stack keys."
exit 1
else
register_targets "$target_group_vpc" "$staging_target_group_arn" "${staging_httpd_instance_prv_ips[@]}"
# Wait for draining
wait_for_target_group_health "$staging_target_group_arn" "HEALTHY" "${staging_httpd_instance_prv_ips[@]}"
fi
reset_role</command>
<configuredLocalRules/>
</hudson.tasks.Shell>
</builders>
<publishers/>
<buildWrappers>
<hudson.plugins.ws__cleanup.PreBuildCleanup plugin="ws-cleanup@0.45">
<deleteDirs>false</deleteDirs>
<cleanupParameter></cleanupParameter>
<externalDelete></externalDelete>
<disableDeferredWipeout>false</disableDeferredWipeout>
</hudson.plugins.ws__cleanup.PreBuildCleanup>
<hudson.plugins.build__timeout.BuildTimeoutWrapper plugin="build-timeout@1.31">
<strategy class="hudson.plugins.build_timeout.impl.AbsoluteTimeOutStrategy">
<timeoutMinutes>240</timeoutMinutes>
</strategy>
<operationList/>
</hudson.plugins.build__timeout.BuildTimeoutWrapper>
</buildWrappers>
</project>