Merge branch 'master' into '37970-ci-sections-tracking'

# Conflicts: # db/schema.rb
author: Kamil Trzciński <ayufan@ayufan.eu> 2017-10-07 08:07:33 +0000
committer: Kamil Trzciński <ayufan@ayufan.eu> 2017-10-07 08:07:33 +0000
commit: 5ee20b637553dcb70590edfa30b81d972de37170 (patch)
tree: 7079e097120fc25438b411c6162a1ae81656c129 /app/services/ci
parent: c0cfc9ebd26583c444f2cce1a23f939bfa7d8969 (diff)
parent: d4f3963e98397a0aee4b7a65c76ae404300b41d1 (diff)
download: gitlab-ce-5ee20b637553dcb70590edfa30b81d972de37170.tar.gz
7 files changed, 221 insertions, 0 deletions
diff --git a/app/services/ci/create_cluster_service.rb b/app/services/ci/create_cluster_service.rb
new file mode 100644
index 00000000000..f7ee0e468e2
--- /dev/null
+++ b/app/services/ci/create_cluster_service.rb
@@ -0,0 +1,15 @@
+module Ci
+  class CreateClusterService < BaseService
+    def execute(access_token)
+      params['gcp_machine_type'] ||= GoogleApi::CloudPlatform::Client::DEFAULT_MACHINE_TYPE
+
+      cluster_params =
+        params.merge(user: current_user,
+                     gcp_token: access_token)
+
+      project.create_cluster(cluster_params).tap do |cluster|
+        ClusterProvisionWorker.perform_async(cluster.id) if cluster.persisted?
+      end
+    end
+  end
+end
diff --git a/app/services/ci/fetch_gcp_operation_service.rb b/app/services/ci/fetch_gcp_operation_service.rb
new file mode 100644
index 00000000000..0b68e4d6ea9
--- /dev/null
+++ b/app/services/ci/fetch_gcp_operation_service.rb
@@ -0,0 +1,17 @@
+module Ci
+  class FetchGcpOperationService
+    def execute(cluster)
+      api_client =
+        GoogleApi::CloudPlatform::Client.new(cluster.gcp_token, nil)
+
+      operation = api_client.projects_zones_operations(
+        cluster.gcp_project_id,
+        cluster.gcp_cluster_zone,
+        cluster.gcp_operation_id)
+
+      yield(operation) if block_given?
+    rescue Google::Apis::ServerError, Google::Apis::ClientError, Google::Apis::AuthorizationError => e
+      return cluster.make_errored!("Failed to request to CloudPlatform; #{e.message}")
+    end
+  end
+end
diff --git a/app/services/ci/fetch_kubernetes_token_service.rb b/app/services/ci/fetch_kubernetes_token_service.rb
new file mode 100644
index 00000000000..44da87cb00c
--- /dev/null
+++ b/app/services/ci/fetch_kubernetes_token_service.rb
@@ -0,0 +1,72 @@
+##
+# TODO:
+# Almost components in this class were copied from app/models/project_services/kubernetes_service.rb
+# We should dry up those classes not to repeat the same code.
+# Maybe we should have a special facility (e.g. lib/kubernetes_api) to maintain all Kubernetes API caller.
+module Ci
+  class FetchKubernetesTokenService
+    attr_reader :api_url, :ca_pem, :username, :password
+
+    def initialize(api_url, ca_pem, username, password)
+      @api_url = api_url
+      @ca_pem = ca_pem
+      @username = username
+      @password = password
+    end
+
+    def execute
+      read_secrets.each do |secret|
+        name = secret.dig('metadata', 'name')
+        if /default-token/ =~ name
+          token_base64 = secret.dig('data', 'token')
+          return Base64.decode64(token_base64) if token_base64
+        end
+      end
+
+      nil
+    end
+
+    private
+
+    def read_secrets
+      kubeclient = build_kubeclient!
+
+      kubeclient.get_secrets.as_json
+    rescue KubeException => err
+      raise err unless err.error_code == 404
+      []
+    end
+
+    def build_kubeclient!(api_path: 'api', api_version: 'v1')
+      raise "Incomplete settings" unless api_url && username && password
+
+      ::Kubeclient::Client.new(
+        join_api_url(api_path),
+        api_version,
+        auth_options: { username: username, password: password },
+        ssl_options: kubeclient_ssl_options,
+        http_proxy_uri: ENV['http_proxy']
+      )
+    end
+
+    def join_api_url(api_path)
+      url = URI.parse(api_url)
+      prefix = url.path.sub(%r{/+\z}, '')
+
+      url.path = [prefix, api_path].join("/")
+
+      url.to_s
+    end
+
+    def kubeclient_ssl_options
+      opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
+
+      if ca_pem.present?
+        opts[:cert_store] = OpenSSL::X509::Store.new
+        opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
+      end
+
+      opts
+    end
+  end
+end
diff --git a/app/services/ci/finalize_cluster_creation_service.rb b/app/services/ci/finalize_cluster_creation_service.rb
new file mode 100644
index 00000000000..347875c5697
--- /dev/null
+++ b/app/services/ci/finalize_cluster_creation_service.rb
@@ -0,0 +1,33 @@
+module Ci
+  class FinalizeClusterCreationService
+    def execute(cluster)
+      api_client =
+        GoogleApi::CloudPlatform::Client.new(cluster.gcp_token, nil)
+
+      begin
+        gke_cluster = api_client.projects_zones_clusters_get(
+          cluster.gcp_project_id,
+          cluster.gcp_cluster_zone,
+          cluster.gcp_cluster_name)
+      rescue Google::Apis::ServerError, Google::Apis::ClientError, Google::Apis::AuthorizationError => e
+        return cluster.make_errored!("Failed to request to CloudPlatform; #{e.message}")
+      end
+
+      endpoint = gke_cluster.endpoint
+      api_url = 'https://' + endpoint
+      ca_cert = Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate)
+      username = gke_cluster.master_auth.username
+      password = gke_cluster.master_auth.password
+
+      kubernetes_token = Ci::FetchKubernetesTokenService.new(
+        api_url, ca_cert, username, password).execute
+
+      unless kubernetes_token
+        return cluster.make_errored!('Failed to get a default token of kubernetes')
+      end
+
+      Ci::IntegrateClusterService.new.execute(
+        cluster, endpoint, ca_cert, kubernetes_token, username, password)
+    end
+  end
+end
diff --git a/app/services/ci/integrate_cluster_service.rb b/app/services/ci/integrate_cluster_service.rb
new file mode 100644
index 00000000000..d123ce8d26b
--- /dev/null
+++ b/app/services/ci/integrate_cluster_service.rb
@@ -0,0 +1,26 @@
+module Ci
+  class IntegrateClusterService
+    def execute(cluster, endpoint, ca_cert, token, username, password)
+      Gcp::Cluster.transaction do
+        cluster.update!(
+          enabled: true,
+          endpoint: endpoint,
+          ca_cert: ca_cert,
+          kubernetes_token: token,
+          username: username,
+          password: password,
+          service: cluster.project.find_or_initialize_service('kubernetes'),
+          status_event: :make_created)
+
+        cluster.service.update!(
+          active: true,
+          api_url: cluster.api_url,
+          ca_pem: ca_cert,
+          namespace: cluster.project_namespace,
+          token: token)
+      end
+    rescue ActiveRecord::RecordInvalid => e
+      cluster.make_errored!("Failed to integrate cluster into kubernetes_service: #{e.message}")
+    end
+  end
+end
diff --git a/app/services/ci/provision_cluster_service.rb b/app/services/ci/provision_cluster_service.rb
new file mode 100644
index 00000000000..52d80b01813
--- /dev/null
+++ b/app/services/ci/provision_cluster_service.rb
@@ -0,0 +1,36 @@
+module Ci
+  class ProvisionClusterService
+    def execute(cluster)
+      api_client =
+        GoogleApi::CloudPlatform::Client.new(cluster.gcp_token, nil)
+
+      begin
+        operation = api_client.projects_zones_clusters_create(
+          cluster.gcp_project_id,
+          cluster.gcp_cluster_zone,
+          cluster.gcp_cluster_name,
+          cluster.gcp_cluster_size,
+          machine_type: cluster.gcp_machine_type)
+      rescue Google::Apis::ServerError, Google::Apis::ClientError, Google::Apis::AuthorizationError => e
+        return cluster.make_errored!("Failed to request to CloudPlatform; #{e.message}")
+      end
+
+      unless operation.status == 'RUNNING' || operation.status == 'PENDING'
+        return cluster.make_errored!("Operation status is unexpected; #{operation.status_message}")
+      end
+
+      cluster.gcp_operation_id = api_client.parse_operation_id(operation.self_link)
+
+      unless cluster.gcp_operation_id
+        return cluster.make_errored!('Can not find operation_id from self_link')
+      end
+
+      if cluster.make_creating
+        WaitForClusterCreationWorker.perform_in(
+          WaitForClusterCreationWorker::INITIAL_INTERVAL, cluster.id)
+      else
+        return cluster.make_errored!("Failed to update cluster record; #{cluster.errors}")
+      end
+    end
+  end
+end
diff --git a/app/services/ci/update_cluster_service.rb b/app/services/ci/update_cluster_service.rb
new file mode 100644
index 00000000000..70d88fca660
--- /dev/null
+++ b/app/services/ci/update_cluster_service.rb
@@ -0,0 +1,22 @@
+module Ci
+  class UpdateClusterService < BaseService
+    def execute(cluster)
+      Gcp::Cluster.transaction do
+        cluster.update!(params)
+
+        if params['enabled'] == 'true'
+          cluster.service.update!(
+            active: true,
+            api_url: cluster.api_url,
+            ca_pem: cluster.ca_cert,
+            namespace: cluster.project_namespace,
+            token: cluster.kubernetes_token)
+        else
+          cluster.service.update!(active: false)
+        end
+      end
+    rescue ActiveRecord::RecordInvalid => e
+      cluster.errors.add(:base, e.message)
+    end
+  end
+end
author	Kamil Trzciński <ayufan@ayufan.eu>	2017-10-07 08:07:33 +0000
committer	Kamil Trzciński <ayufan@ayufan.eu>	2017-10-07 08:07:33 +0000
commit	5ee20b637553dcb70590edfa30b81d972de37170 (patch)
tree	7079e097120fc25438b411c6162a1ae81656c129 /app/services/ci
parent	c0cfc9ebd26583c444f2cce1a23f939bfa7d8969 (diff)
parent	d4f3963e98397a0aee4b7a65c76ae404300b41d1 (diff)
download	gitlab-ce-5ee20b637553dcb70590edfa30b81d972de37170.tar.gz