- Configures internal alb to log to the same bucket as the public alb - Adds support for osquery-perf task size (cpu/memory) configuration - Updates defaults for osquery-perf extra_flags - Updates default enroll.sh loop sleep_time from 60s -> 300s
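name: Deploy Loadtest - Osquery Perf

# Manually dispatched only. Every `type: string` input below is free-form text
# chosen by whoever starts the run, so steps that consume these values should
# receive them through `env:` and quote them in shell rather than expanding
# `${{ inputs.* }}` inside a script body.
on:
  workflow_dispatch:
    inputs:
      terraform_workspace:
        description: "Terraform workspace that you will be deploying to."
        type: string
        required: true
      git_tag_branch:
        description: "git Tag or Branch to use for osquery-perf deployment"
        type: string
        default: "main"
        required: true
      loadtest_containers:
        description: "Deploys osquery-perf containers all at once. Total number of osquery-perf tasks to run (should be a multiple of 8, if setting loadtest_containers_starting_index). This is also used as the end index in enroll.sh"
        type: string
        required: true
      loadtest_containers_starting_index:
        description: "Starting Index for enroll.sh. (Default: 0)."
        type: string
        # Quoted so the default is a string, matching the declared input type.
        default: "0"
        required: true
      task_size:
        # The example now shows the same cpu value as the default below; the
        # previous example read 4098, which did not match it.
        description: "CPU and Memory setting for osquery-perf containers. Example: {\"cpu\":\"4096\",\"memory\":\"8192\"}"
        type: string
        default: "{\"cpu\":\"4096\",\"memory\":\"8192\"}"
        required: true
      sleep_time:
        description: "Sleep time (in seconds) between batched osquery container deployments"
        type: string
        # Quoted so the default is a string, matching the declared input type.
        default: "300"
        required: true
      extra_flags:
        description: "Extra flags for osquery-perf. Example: [\"--orbit_prob\", \"0.0\", \"--host_count\", \"2000\", \"--start_period\", \"20m\"]"
        type: string
        default: "[\"--orbit_prob\", \"0.0\", \"--host_count\", \"2000\", \"--start_period\", \"20m\"]"
        required: false
      # The only input restricted to a fixed set of values; `plan` is the
      # default, so a run changes nothing unless apply or destroy is chosen.
      terraform_action:
        description: Dry run only? No "terraform apply"
        type: choice
        options:
          - plan
          - apply
          - destroy
        default: plan
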
# Intended to let a newly queued run interrupt an earlier run in the same group.
# NOTE(review): this workflow is triggered only by workflow_dispatch, where
# github.head_ref is empty, so the group key falls back to github.run_id and is
# unique per run. As written, no earlier run is ever cancelled and nothing here
# serialises two runs that target the same Terraform workspace. Confirm whether
# the group should be keyed on the workspace input instead, and whether
# cancelling a run in the middle of an apply or destroy is acceptable.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
  cancel-in-progress: true

defaults:
  run:
    # Naming bash explicitly makes the runner start it with -eo pipefail, so a
    # script stops at its first failing command or failing pipeline stage. See
    # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    # One consequence: a `$?` check placed after a command only ever runs when
    # that command succeeded.
    shell: bash
    # Every `run:` step executes from the osquery_perf Terraform directory.
    working-directory: infrastructure/loadtesting/terraform/osquery_perf

# Workflow-level environment, visible to every step of every job.
env:
  AWS_REGION: 'us-east-2'
  # Role handed to aws-actions/configure-aws-credentials as role-to-assume.
  AWS_IAM_ROLE: 'arn:aws:iam::917007347864:role/github-actions-role'
  # Same path as defaults.run.working-directory; not referenced by the steps
  # shown in this workflow.
  TF_ACTIONS_WORKING_DIR: 'infrastructure/loadtesting/terraform/osquery_perf'
  # TF_VAR_<name> is how Terraform reads a value for the input variable <name>
  # from the environment. Dispatch inputs are passed here as data, which keeps
  # them out of any script text. extra_flags falls back to an empty JSON list
  # when the input is left blank.
  TF_VAR_extra_flags: "${{ inputs.extra_flags || '[]' }}"
  TF_VAR_loadtest_containers: "${{ inputs.loadtest_containers }}"
  TF_VAR_git_tag_branch: "${{ inputs.git_tag_branch }}"
  TF_VAR_task_size: "${{ inputs.task_size }}"

# Token scopes for the job's GITHUB_TOKEN; anything not listed is not granted.
permissions:
  # Lets the job request a GitHub OIDC token. The configure-aws-credentials
  # step is given a role to assume and no static keys, so it presumably relies
  # on this token to obtain AWS credentials.
  id-token: write
  # This is required for actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
  contents: read

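jobs:
  # Single job: assume the AWS role, select or create the requested Terraform
  # workspace, then plan, apply (through enroll.sh) or destroy, depending on
  # the terraform_action input.
  #
  # Dispatch inputs are handed to each script through step-level `env:` and
  # expanded as quoted shell variables. Expanding `${{ inputs.* }}` directly
  # inside `run:` pastes the raw input into the script text before bash parses
  # it, and this job holds AWS credentials for the assumed role while those
  # scripts run.
  deploy:
    name: Deploy Fleet Loadtest Environment
    runs-on: ubuntu-latest
    steps:
      # egress-policy: audit records outbound traffic; it does not block it.
      - name: Harden Runner
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit

      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b

      # NOTE(review): github.ref is a fully qualified ref such as
      # refs/heads/main, so this comparison with 'main' never matches and the
      # guard never fires. Left unchanged because enabling it would start
      # failing runs dispatched from main; confirm the intent, then either
      # compare against 'refs/heads/main' or remove the step.
      - id: fail-on-main
        run: "false"
        if: ${{ github.ref == 'main' }}

      # The assumed-role session is requested for 10800 seconds (3 hours).
      - uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # v1.7.0
        with:
          role-to-assume: ${{env.AWS_IAM_ROLE}}
          aws-region: ${{ env.AWS_REGION }}
          role-duration-seconds: 10800

      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version-file: 'go.mod'

      - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
        with:
          terraform_version: "1.10.2"
          terraform_wrapper: false

      - name: Terraform Init
        id: init
        run: terraform init

      # Selects the requested workspace, or creates it for plan/apply.
      # continue-on-error means a failure here does not stop the job; the later
      # steps re-check `terraform workspace show` before doing any work.
      - name: Terraform workspace
        id: workspace
        env:
          # Deliberately not named TF_WORKSPACE: Terraform reads that variable
          # itself to choose the workspace.
          LOADTEST_WORKSPACE: "${{ inputs.terraform_workspace }}"
          TERRAFORM_ACTION: "${{ inputs.terraform_action }}"
        run: |
          # Drop the "* " / "  " prefix that `terraform workspace list` prints
          # so each name can be compared as a whole line. A plain `grep NAME`
          # is a pattern and substring match, so "foo" would also match an
          # existing "foobar".
          workspaces="$(terraform workspace list | sed 's/^[* ]*//')"

          if grep -qxF -- "$LOADTEST_WORKSPACE" <<<"$workspaces"; then
            echo "MATCH - TF_WORKSPACE: ${LOADTEST_WORKSPACE}\n"

            if [[ "$TERRAFORM_ACTION" = "apply" || "$TERRAFORM_ACTION" = "plan" || "$TERRAFORM_ACTION" = "destroy" ]]; then
              # Under bash -e a failed select ends the script here, so the
              # message below is only printed on success.
              terraform workspace select "$LOADTEST_WORKSPACE"
              echo "WORKSPACE CHANGED TO ${LOADTEST_WORKSPACE}\n"
            fi
          else
            echo "NO MATCH - TF_WORKSPACE: ${LOADTEST_WORKSPACE}\n"

            if [[ "$TERRAFORM_ACTION" = "apply" || "$TERRAFORM_ACTION" = "plan" ]]; then
              echo "CREATING NEW TERRAFORM WORKSPACE: ${LOADTEST_WORKSPACE}"
              # Test the command directly: a `$?` check on the following line
              # is never reached on failure, because bash -e exits first.
              if terraform workspace new "$LOADTEST_WORKSPACE"; then
                echo "TERRAFORM WORKSPACE: SUCCESSFULLY CREATED"
              else
                echo "TERRAFORM WORKSPACE: ERROR CREATING"
                exit 1
              fi
            fi
          fi
        continue-on-error: true

      - name: Terraform fmt
        id: fmt
        run: terraform fmt -check
        continue-on-error: true

      - name: Terraform Validate
        id: validate
        run: terraform validate -no-color

      # Runs for every action. continue-on-error means a failed plan does not
      # stop a following apply or destroy.
      - name: Terraform Plan
        id: plan
        env:
          LOADTEST_WORKSPACE: "${{ inputs.terraform_workspace }}"
        run: |
          if [[ "$(terraform workspace show)" = "$LOADTEST_WORKSPACE" ]]; then
            echo "TERRAFORM WORKSPACE: MATCHES - ${LOADTEST_WORKSPACE}"
            terraform plan -no-color
          else
            echo "TERRAFORM WORKSPACE: DOES NOT MATCH INPUT - ${LOADTEST_WORKSPACE}"
          fi
        continue-on-error: true

      # NOTE(review): a workspace mismatch only prints a message and the step
      # still succeeds, so a run that deployed nothing can look green.
      - name: Terraform Apply
        if: inputs.terraform_action == 'apply'
        id: apply
        env:
          LOADTEST_WORKSPACE: "${{ inputs.terraform_workspace }}"
          GIT_TAG_BRANCH: "${{ inputs.git_tag_branch }}"
          TASK_SIZE: "${{ inputs.task_size }}"
          STARTING_INDEX: "${{ inputs.loadtest_containers_starting_index }}"
          LOADTEST_CONTAINERS: "${{ inputs.loadtest_containers }}"
          SLEEP_TIME: "${{ inputs.sleep_time }}"
        run: |
          if [[ "$(terraform workspace show)" = "$LOADTEST_WORKSPACE" ]]; then
            echo "TERRAFORM WORKSPACE: MATCHES - ${LOADTEST_WORKSPACE}"
            # Each value is passed as exactly one argument, whatever it
            # contains.
            # NOTE(review): task_size now reaches enroll.sh verbatim, including
            # its JSON double quotes. The previous inline expansion lost those
            # quotes to shell quote removal; confirm enroll.sh accepts the
            # unmodified JSON.
            ./enroll.sh "$GIT_TAG_BRANCH" "$TASK_SIZE" "$STARTING_INDEX" "$LOADTEST_CONTAINERS" "$SLEEP_TIME"
          else
            echo "TERRAFORM WORKSPACE: DOES NOT MATCH INPUT - ${LOADTEST_WORKSPACE}"
          fi

      # Destroys everything in the workspace's state without a prompt, then
      # switches to the default workspace and deletes the named one.
      - name: Terraform Destroy
        if: inputs.terraform_action == 'destroy'
        id: destroy
        env:
          LOADTEST_WORKSPACE: "${{ inputs.terraform_workspace }}"
          TERRAFORM_ACTION: "${{ inputs.terraform_action }}"
        run: |
          if [[ "$(terraform workspace show)" = "$LOADTEST_WORKSPACE" ]]; then
            echo "TERRAFORM WORKSPACE: MATCHES - ${LOADTEST_WORKSPACE}"
            if [[ "$TERRAFORM_ACTION" = "destroy" ]]; then
              # NOTE(review): if `terraform state list` itself fails, wc still
              # prints 0 and the state is treated as empty.
              if [[ $(terraform state list | wc -l) -gt 0 ]]; then
                echo "RESOURCES DETECTED IN TERRAFORM STATE FILE"
                echo "TERRAFORM DESTROY: STARTED"
                # Commands are tested directly so the error branches can run;
                # with bash -e a separate `$?` check is skipped on failure.
                if terraform destroy -auto-approve; then
                  echo "TERRAFORM DESTROY: SUCCESSFUL\n"
                  TERRAFORM_DELETE_STATUS="complete"
                else
                  echo "TERRAFORM DESTROY: ERROR\n"
                  TERRAFORM_DELETE_STATUS="error"
                fi
              else
                echo "NO RESOURCES DETECTED IN TERRAFORM STATE FILE"
                TERRAFORM_DELETE_STATUS="complete"
              fi

              if [[ "$TERRAFORM_DELETE_STATUS" = "complete" ]]; then
                echo "SETTING WORKSPACE TO DEFAULT"
                if terraform workspace select default; then
                  echo "TERRAFORM WORKSPACE: SUCCESSFULLY SELECTING DEFAULT\n"
                else
                  echo "TERRAFORM WORKSPACE: ERROR SELECTING DEFAULT\n"
                  exit 1
                fi

                echo "REMOVING TERRAFORM WORKSPACE: ${LOADTEST_WORKSPACE}"
                if terraform workspace delete "$LOADTEST_WORKSPACE"; then
                  echo "TERRAFORM WORKSPACE: SUCCESSFULLY DELETED\n"
                else
                  echo "TERRAFORM WORKSPACE: ERROR DELETING\n"
                  exit 1
                fi
              else
                # A failed destroy still fails the step, and the workspace is
                # kept so its remaining state is not orphaned.
                exit 1
              fi
            fi
          else
            echo "TERRAFORM WORKSPACE: DOES NOT MATCH INPUT - ${LOADTEST_WORKSPACE}"
          fi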