diff --git a/jenkins-pipelines/enterprise/artifacts/artifacts-docker-fips.jenkinsfile b/jenkins-pipelines/enterprise/artifacts/artifacts-docker-fips.jenkinsfile new file mode 100644 index 0000000000..400453f528 --- /dev/null +++ b/jenkins-pipelines/enterprise/artifacts/artifacts-docker-fips.jenkinsfile @@ -0,0 +1,13 @@ +#! groovy + +// trick from https://github.com/jenkinsci/workflow-cps-global-lib-plugin/pull/43 +def lib = library identifier: 'sct@snapshot', retriever: legacySCM(scm) + +artifactsPipeline( + test_config: 'test-cases/artifacts/docker.yaml', + backend: 'docker', + region: 'fips', + + timeout: [time: 30, unit: 'MINUTES'], + post_behavior_db_nodes: 'destroy' +) diff --git a/sdcm/sct_runner.py b/sdcm/sct_runner.py index 2afe87d008..b6b227239e 100644 --- a/sdcm/sct_runner.py +++ b/sdcm/sct_runner.py @@ -49,7 +49,7 @@ gce_meta_to_dict, list_instances_aws, list_instances_gce, - str_to_bool, + str_to_bool, convert_name_to_ami_if_needed, ) from sdcm.utils.aws_utils import ec2_instance_wait_public_ip, ec2_ami_get_root_device_name, tags_as_ec2_tags, EC2NetworkConfiguration from sdcm.utils.aws_region import AwsRegion @@ -548,6 +548,9 @@ def _create_instance(self, interfaces[-1]["AssociatePublicIpAddress"] = not address_pool LOGGER.info("Creating instance...") + base_image = convert_name_to_ami_if_needed( + ami_id_param=base_image, region_names=tuple([aws_region.region_name])) + result = aws_region.resource.create_instances( ImageId=base_image, InstanceType=instance_type, @@ -1349,3 +1352,8 @@ def clean_sct_runners(test_status: str, end_message = "No runners have been terminated" LOGGER.info(end_message) + + +class AwsFipsSctRunner(AwsSctRunner): + VERSION = f"{SctRunner.VERSION}-fips" + BASE_IMAGE = 'resolve:ssm:/aws/service/marketplace/prod-k6fgbnayirmrc/latest' diff --git a/sdcm/utils/aws_builder.py b/sdcm/utils/aws_builder.py index 2f435614fe..7fad4922b0 100644 --- a/sdcm/utils/aws_builder.py +++ b/sdcm/utils/aws_builder.py 
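Review bot: `region: 'fips'` is not an AWS region name but a selector that vars/getJenkinsLabels.groovy maps to the FIPS builder label, and nothing in this file says so. A comment above the parameter would make that clear, for example `// 'fips' selects the FIPS builder label in vars/getJenkinsLabels.groovy; it is not an AWS region`. This pipeline passes `backend: 'docker'`, so the `'docker-fips': 'aws-fips'` mapping added to getCloudProviderFromBackend.groovy in the same commit is not exercised by it.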
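Review bot: The value returned by `convert_name_to_ami_if_needed` goes straight into `create_instances(ImageId=base_image, ...)` in `_create_instance` without being logged, so a runner built from a `resolve:ssm:` parameter leaves no record of which AMI it actually booted. Logging it right after the call, `LOGGER.info("Resolved base image: %s", base_image)`, gives that audit trail. The helper's return format is not visible in this diff, so confirm it yields a single AMI ID for a one-region tuple before relying on it here. `tuple([aws_region.region_name])` reads more simply as `(aws_region.region_name,)`. The function body starts and ends outside the hunk.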
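Review bot: `BASE_IMAGE` in `AwsFipsSctRunner` points at the `/latest` alias of a Marketplace SSM parameter, so the AMI underneath every FIPS runner image can change without any change in this repository, and two builds carrying the same `VERSION` may not be the same image. Pinning a specific version of the parameter (or a reviewed AMI ID per region) and bumping it deliberately keeps the build reproducible and auditable. Nothing in this diff checks that the resulting host is actually in FIPS mode; on images that expose it, asserting that `/proc/sys/crypto/fips_enabled` reads `1` during image creation would back the `-fips` suffix with evidence. The class also needs a docstring naming the Marketplace product behind `prod-k6fgbnayirmrc`.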
@@ -21,8 +21,9 @@ import requests from sdcm.utils.aws_region import AwsRegion -from sdcm.sct_runner import AwsSctRunner +from sdcm.sct_runner import AwsSctRunner, AwsFipsSctRunner from sdcm.keystore import KeyStore +from sdcm.utils.common import wait_ami_available LOGGER = logging.getLogger(__name__) @@ -123,6 +124,7 @@ def get_root_ebs_info_from_ami(self, ami_id: str) -> str: return res.block_device_mappings[0].get('Ebs', {}) def get_launch_template_data(self, runner: AwsSctRunner) -> dict: + wait_ami_available(self.region.client, runner.image.id) return dict( LaunchTemplateData={ 'BlockDeviceMappings': [ @@ -168,9 +170,13 @@ def update_launch_template_if_needed(self, runner): if not error.response['Error']['Code'] == 'InvalidLaunchTemplateName.AlreadyExistsException': raise + @property + def sct_runner(self): + return AwsSctRunner(region_name=self.region.region_name, availability_zone='a', params=None) + def create_launch_template(self): click.secho(f"{self.region.region_name}: create_launch_template") - runner = AwsSctRunner(region_name=self.region.region_name, availability_zone='a', params=None) + runner = self.sct_runner if not runner.image: runner.create_image() try: @@ -300,3 +306,22 @@ def name(self): @cached_property def jenkins_labels(self): return f"aws-sct-builders-{self.region.region_name}-{self.VERSION}-CI" + + +class AwsFipsCiBuilder(AwsBuilder): + NUM_CPUS = 2 + NUM_EXECUTORS = 1 + VERSION = 'v3-fibs' + + @cached_property + def name(self): + # example: aws-eu-central-1-qa-builder-v2-1 + return f"aws-{self.region.region_name}-qa-builder-{self.VERSION}-{self.number}-CI-FIPS" + + @cached_property + def jenkins_labels(self): + return f"aws-sct-builders-{self.region.region_name}-{self.VERSION}-CI-FIPS" + + @property + def sct_runner(self): + return AwsFipsSctRunner(region_name=self.region.region_name, availability_zone='a', params=None) 
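Review bot: `get_launch_template_data` now blocks on `wait_ami_available(self.region.client, runner.image.id)` before building the dict, which is unexpected for a `get_*` method and would raise `AttributeError` if `runner.image` is still `None`. `create_launch_template` builds the image first, but other callers of this method are outside the hunk, so either guard it with `if not runner.image: raise ValueError("runner image has not been created")` or move the wait next to `runner.create_image()`. A docstring should state that the call waits for the AMI and whether `wait_ami_available` enforces a timeout, which is not visible here.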
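Review bot: The new `sct_runner` property constructs a fresh `AwsSctRunner` on every access, unlike `name` and `jenkins_labels` in the same class, which are `@cached_property`; two reads return two different runner objects. `create_launch_template` reads it once into `runner`, so this works today, but a factory is clearer as a method, e.g. `def _make_sct_runner(self):`, or the property can be made `@cached_property` if sharing one runner per builder is intended. It also needs a one-line docstring saying subclasses override it to choose the runner class.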
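Review bot: `VERSION = 'v3-fibs'` in `AwsFipsCiBuilder` looks like a typo for `fips`, and it is baked into both the builder name and the Jenkins label. vars/getJenkinsLabels.groovy hard-codes the same string in `'aws-sct-builders-us-east-1-v3-fibs-CI-FIPS'`, so the two have to be corrected together or the job will not find its builder. The comment `# example: aws-eu-central-1-qa-builder-v2-1` in `name` no longer matches the format, which now ends in `-CI-FIPS`. The class needs a docstring stating which runner image it uses.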
diff --git a/vars/getCloudProviderFromBackend.groovy b/vars/getCloudProviderFromBackend.groovy index fe754e3c72..7ca3761c98 100644 --- a/vars/getCloudProviderFromBackend.groovy +++ b/vars/getCloudProviderFromBackend.groovy @@ -9,7 +9,8 @@ def call(String backend) { 'gce-siren': 'gce', 'azure': 'azure', 'docker': 'aws', - 'baremetal': 'aws' + 'baremetal': 'aws', + 'docker-fips': 'aws-fips', ] if (!backend) { return backend diff --git a/vars/getJenkinsLabels.groovy b/vars/getJenkinsLabels.groovy index eb718628ac..89a0811e72 100644 --- a/vars/getJenkinsLabels.groovy +++ b/vars/getJenkinsLabels.groovy @@ -29,11 +29,13 @@ def call(String backend, String region=null, String datacenter=null, String loca 'gce-us-central1': "${gcp_project}-builders-us-central1-template-v2", 'gce': "${gcp_project}-builders-us-east1-template-v2", 'aws': 'aws-sct-builders-eu-west-1-v3-asg', - 'azure-eastus': 'aws-sct-builders-us-east-1-v3-asg'] + 'azure-eastus': 'aws-sct-builders-us-east-1-v3-asg', + 'aws-fips': 'aws-sct-builders-us-east-1-v3-fibs-CI-FIPS', + ] def cloud_provider = getCloudProviderFromBackend(backend) - if ((cloud_provider == 'aws' && region) || (cloud_provider == 'gce' && datacenter) || (cloud_provider == 'azure' && location)) { + if ((cloud_provider == 'aws' && region) || (cloud_provider == 'gce' && datacenter) || (cloud_provider == 'azure' && location) || (cloud_provider == 'aws-fibs' && region)) { def supported_regions = [] if (cloud_provider == 'aws') { @@ -62,6 +64,8 @@ def call(String backend, String region=null, String datacenter=null, String loca } else { throw new Exception("=================== ${cloud_provider} region ${region} not supported ! ===================") } + } else if (region == 'fips') { + return [ "label": jenkins_labels['aws-fips'], "region": '' ] } else { return [ "label": jenkins_labels[cloud_provider], "region": region ] }
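Review bot: The added clause `(cloud_provider == 'aws-fibs' && region)` can never be true, because getCloudProviderFromBackend returns `'aws-fips'` for `docker-fips`; it should read `(cloud_provider == 'aws-fips' && region)`. Once corrected, the `supported_regions` selection that follows only shows a branch for `'aws'` in the visible context, so confirm the block handles `'aws-fips'` instead of ending in the "not supported" exception. The label `'aws-sct-builders-us-east-1-v3-fibs-CI-FIPS'` duplicates the `v3-fibs` spelling from `AwsFipsCiBuilder.VERSION` and must stay in step with it.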
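Review bot: The `else if (region == 'fips')` branch appears unreachable for the pipeline added in this commit: with `backend: 'docker'` the provider resolves to `'aws'` and `region` is the non-empty string `'fips'`, so the first condition `(cloud_provider == 'aws' && region)` is already true. The middle of that block is outside the hunk, but unless `'fips'` is in the supported region list the call ends in the "not supported" exception rather than returning the FIPS label. Testing the selector before the provider/region condition, `if (region == 'fips') { return [ "label": jenkins_labels['aws-fips'], "region": '' ] }`, makes the FIPS builder choice explicit and keeps a FIPS job from being scheduled by the generic path.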