Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(packer) create image galleries in the new subscription #560

Conversation

dduportal
Copy link
Contributor

@dduportal dduportal commented Dec 21, 2023

Ref. jenkins-infra/helpdesk#3818 (comment)

This PR creates the shared gallery in the new subscription:

  • 3 resource groups (dev, staging and prod) with one gallery each
  • 4 images on each gallery

IMPORTANT: this PR sets the ground to move everything to US East 2 (faster packer builds and we don't use East US since 1.5 years for agents). It cannot do all "eastus" -> "eastus2" changes yet though as changing location marks a resource group/gallery to be deleted, while we only want to create new resources (terraform forgets the old resource when only changing provider).

IMPORTANT (2): I've removed the 4 role assignments which are required for the 4 controllers (ci, trusted, cert and infra) to read the shared gallery to spin up agent. The build >= 3 for this PR should only mark 3 resources to delete (the role assignment of the packer_sp itself):

terraform state rm 'module.cert_ci_jenkins_io.azurerm_role_assignment.controller_read_packer_prod_images[0]'
terraform state rm 'module.trusted_ci_jenkins_io.azurerm_role_assignment.controller_read_packer_prod_images[0]'
terraform state rm 'module.ci_jenkins_io.azurerm_role_assignment.controller_read_packer_prod_images[0]'
terraform state rm 'azurerm_role_assignment.infra_ci_jenkins_io_allow_packer'

@dduportal
Copy link
Contributor Author

Plan: 22 to add, 0 to change, 3 to destroy. as expected: self-merging (code was written and "terraform planned" in pair with @smerle33 )

@dduportal dduportal marked this pull request as ready for review December 21, 2023 11:40
@dduportal dduportal requested a review from a team December 21, 2023 11:40
@dduportal dduportal merged commit acff176 into jenkins-infra:main Dec 21, 2023
7 checks passed
@dduportal dduportal deleted the feat/packer/useast2-and-new-subscriptions branch December 21, 2023 11:41
@dduportal
Copy link
Contributor Author

dduportal commented Dec 21, 2023

Errors while executing, like the following

│ Error: creating/updating Shared Image: (Image Name "jenkins-agent-ubuntu-22.04-arm64" / Gallery Name "dev_packer_images" / Resource Group "dev-packer-images"): compute.GalleryImagesClient#CreateOrUpdate: Failure sending request: StatusCode=404 -- Original Error: Code="ParentResourceNotFound" Message="Failed to perform 'write' on resource(s) of type 'galleries/images', because the parent resource '/subscriptions/<redacted>/resourceGroups/dev-packer-images/providers/Microsoft.Compute/galleries/dev_packer_images' could not be found."

Removed the galleries from state with:

for g in $(terraform state list | grep 'azurerm_shared_image');do terraform state rm "$g";done

New plan states: Plan: 15 to add, 0 to change, 0 to destroy., triggered a new build as it looks good

@dduportal
Copy link
Contributor Author

New galleries created \o/

dduportal added a commit that referenced this pull request Dec 21, 2023
Follow up of #560 

Ref.
jenkins-infra/helpdesk#3818 (comment)

This PR ensures that all the packer resources defined in the new
subscription (and only these) are migrated to US East 2 to solve errors
found in jenkins-infra/packer-images#959


Expecting 23 resources to be re-created:
- 4 RGs on the 6 are in us east today
- 4 role assignements (as the 4 RGs changed)
- 3 galleries
- 12 images (4 per gallery

Signed-off-by: Damien Duportal <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant