Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate from fleet-ci bucket to Ingest bucket #3240

Closed
2 tasks done
jlind23 opened this issue Jan 29, 2024 · 2 comments
Closed
2 tasks done

Migrate from fleet-ci bucket to Ingest bucket #3240

jlind23 opened this issue Jan 29, 2024 · 2 comments
Assignees
@sharbuz
Labels
Team:Fleet Label for the Fleet team

Comments

@jlind23
Copy link
Contributor

jlind23 commented Jan 29, 2024
edited by sharbuz
Loading

In our Buildkite pipelines we are still relying on the fleet-ci buckets for DRA stage.
We need to stop using this one and rather start pushing artifacts to the ingest specific pipelines.
This change should be then back ported to the following branches:

  • 7.17
  • 8.12

https://github.com/elastic/fleet-server/blob/5e8a1e9f9f3cf9d7b97e8c41a7c6611b414eca55/.buildkite/hooks/pre-command#L11C1-L11C27
@jlind23 jlind23 added the Team:Fleet Label for the Fleet team label Jan 29, 2024
@jlind23
Copy link
Contributor Author

jlind23 commented Jan 29, 2024

@mrodm Looking at this it should be as easy as updating the vault value used to retrieved the gcs bucket name right?

Bucket name is retrieved here:

fleet-server/.buildkite/hooks/pre-command

Line 65 in 5e8a1e9

export JOB_GCS_BUCKET=$(retry 5 vault kv get -field plaintext ${JOB_GCS_BUCKET_SECRET_PATH})

And bucket is used here:

fleet-server/.buildkite/scripts/common.sh

Line 105 in 5e8a1e9

upload_packages_to_gcp_bucket() {

@mrodm
Copy link
Contributor

mrodm commented Jan 29, 2024

It's also used in get_bucket_uri():

fleet-server/.buildkite/scripts/common.sh

Line 121 in 5e8a1e9

local baseUri="gs://${JOB_GCS_BUCKET}/jobs" #TODO: needs to add the "/buildkite" for rollback

The problem of updating the value directly in that vault path is that it could not be tested if that works or not in advance, and other builds (of any branch or PR) could fail.

It is needed to ensure that the current service account has the required permissions to upload/write files into the new bucket. The service account used here is retrieved from this vault path:

fleet-server/.buildkite/hooks/pre-command

Line 9 in 5e8a1e9

PRIVATE_CI_GCS_CREDENTIALS_PATH="kv/ci-shared/platform-ingest/private_ci_artifacts_gcs_credentials"

NOTE: Just realized that get_bucket_uri() function is duplicated in buildkite/scripts/common.sh, and it could be removed one of them:

fleet-server/.buildkite/scripts/common.sh

Lines 119 to 139 in 5e8a1e9

get_bucket_uri() {
local type=${1}
local baseUri="gs://${JOB_GCS_BUCKET}/jobs" #TODO: needs to add the "/buildkite" for rollback
if [[ ${type} == "snapshot" ]]; then
local folder="commits"
else
local folder="${type}"
fi
bucketUri="${baseUri}/${folder}/${BUILDKITE_COMMIT}"
}
get_bucket_uri() {
local type=${1}
local baseUri="gs://${JOB_GCS_BUCKET}/jobs" #TODO: needs to add the "/buildkite" for rollback
if [[ ${type} == "snapshot" ]]; then
local folder="commits"
else
local folder="${type}"
fi
bucketUri="${baseUri}/${folder}/${BUILDKITE_COMMIT}"
}

@sharbuz sharbuz mentioned this issue Jan 30, 2024
Merged
@jlind23 jlind23 closed this as completed Jan 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sharbuz sharbuz

Labels
Team:Fleet Label for the Fleet team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mrodm @jlind23 @sharbuz