Slice 2: Create unified airgap infra pipeline (Jenkinsfile.airgap-rke2-infra) #590

@floatingman

Parent PRD

#585

What to build

Create a single Declarative Pipeline Jenkinsfile.airgap-rke2-infra that replaces both Jenkinsfile.setup.airgap.rke2 (299 lines) and Jenkinsfile.destroy.airgap.rke2 (157 lines) with an ACTION parameter controlling whether to set up or tear down infrastructure.

This pipeline consumes the shared functions added in #589 to eliminate all duplicated checkout, tofu lifecycle, S3 artifact, and Ansible configuration logic. It coexists alongside the original files during migration.

Setup flow (ACTION=setup):

  1. Standard dual-repo checkout via airgap.standardCheckout
  2. Build Dockerfile.infra image
  3. Configure SSH keys via airgap.configureAnsible
  4. Tofu init → workspace create → apply (using shared lifecycle function)
  5. Upload terraform.tfvars to S3 via s3.uploadArtifact
  6. Configure Ansible variables and inventory
  7. Deploy RKE2 via tarball playbook (with retry)
  8. Optionally configure private registry
  9. Optionally deploy Rancher via helm (controlled by DEPLOY_RANCHER parameter)
  10. Output infrastructure details (bastion DNS, LB hostnames)

Destroy flow (ACTION=destroy):

  1. Standard dual-repo checkout
  2. Build Dockerfile.infra image
  3. Initialize tofu backend
  4. Select existing workspace (requires TARGET_WORKSPACE parameter)
  5. Download terraform.tfvars from S3 via s3.downloadArtifact
  6. Tofu destroy + delete workspace via airgap.teardownInfrastructure
  7. Delete tfvars from S3 via s3.deleteArtifact
  8. Clean up local artifacts

Error handling: If setup fails and DESTROY_ON_FAILURE=true, the post { failure } block triggers teardown via the same shared function used by the destroy action.

Parameters (harmonized):

  • ACTION (choice: setup/destroy)
  • DEPLOY_RANCHER (boolean, default: true) — only applies to setup
  • DESTROY_ON_FAILURE (boolean, default: true)
  • TARGET_WORKSPACE (string) — required for destroy, the workspace to tear down
  • QA_JENKINS_LIBRARY_BRANCH, TESTS_BRANCH, QA_INFRA_BRANCH — standard branch parameters with harmonized defaults

Acceptance criteria

  • Jenkinsfile.airgap-rke2-infra created in Declarative Pipeline syntax
  • ACTION=setup produces the same AWS resources as Jenkinsfile.setup.airgap.rke2
  • ACTION=destroy cleanly removes all resources, as Jenkinsfile.destroy.airgap.rke2 does
  • DEPLOY_RANCHER=false skips Rancher helm deployment during setup
  • S3 tfvars upload works during setup (same path pattern as original)
  • S3 tfvars download works during destroy (same path pattern as original)
  • DESTROY_ON_FAILURE=true triggers cleanup on failed setup via post { failure } block
  • All shared functions from #589 (Slice 1: Add shared pipeline functions to qa-jenkins-library) are consumed (no duplicated checkout/tofu/ansible/S3 logic)
  • Original Jenkinsfiles remain untouched (parallel coexistence)
  • Pipeline passes at least 2 successful live execution cycles for each ACTION

Blocked by

User stories addressed

  • User story 1 (setup + destroy as single pipeline with ACTION parameter)
  • User story 2 (ACTION=setup, ACTION=destroy)
  • User story 3 (DEPLOY_RANCHER remains optional)
  • User story 4 (tfvars uploaded/downloaded via shared S3 function)
  • User story 5 (tofu lifecycle via shared function)
  • User story 6 (Ansible configuration via shared function)
  • User story 7 (checkout via shared function)
  • User story 8 (consistent infrastructure detail output)
  • User story 21 (Declarative Pipeline syntax)
  • User story 22 (parallel coexistence with originals)
  • User story 23 (simplified naming)
  • User story 24 (harmonized parameters)
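
A sketch of the ACTION gating and the failure-cleanup guard described under "Error handling", added here as an example and not the project's Jenkinsfile. The shared-step argument lists, the workspace naming scheme, the `INFRA_WORKSPACE` variable and the TARGET_WORKSPACE allow-list are assumptions.

```groovy
// Added sketch, not the project's Jenkinsfile. Assumes the shared library from #589
// is loaded and exposes `airgap`; the argument lists shown are assumed.
pipeline {
    agent any
    parameters {
        choice(name: 'ACTION', choices: ['setup', 'destroy'])
        booleanParam(name: 'DESTROY_ON_FAILURE', defaultValue: true)
        string(name: 'TARGET_WORKSPACE', defaultValue: '')
    }
    stages {
        stage('Validate parameters') {
            steps { script {
                // Stop before any cloud call when destroy has no usable target.
                // The allow-list is an assumption; it keeps the value shell-safe.
                if (params.ACTION == 'destroy' && !(params.TARGET_WORKSPACE ==~ /[A-Za-z0-9_-]+/)) {
                    error('ACTION=destroy requires a valid TARGET_WORKSPACE')
                }
            } }
        }
        stage('Setup') {
            when { expression { params.ACTION == 'setup' } }
            steps { script {
                airgap.standardCheckout()
                // Record the workspace before apply so cleanup only targets what
                // this build created (constructed naming scheme).
                env.INFRA_WORKSPACE = "airgap-${env.BUILD_NUMBER}"
                // Remaining setup-flow steps (image build through output) run here.
            } }
        }
        stage('Destroy') {
            when { expression { params.ACTION == 'destroy' } }
            steps { script {
                airgap.standardCheckout()
                airgap.teardownInfrastructure(workspace: params.TARGET_WORKSPACE)
            } }
        }
    }
    post {
        failure { script {
            // ACTION guard: a failed destroy must not re-enter teardown.
            // INFRA_WORKSPACE guard: nothing to remove if setup failed early.
            if (params.ACTION == 'setup' && params.DESTROY_ON_FAILURE && env.INFRA_WORKSPACE) {
                airgap.teardownInfrastructure(workspace: env.INFRA_WORKSPACE)
            }
        } }
    }
}
```

Without the `ACTION == 'setup'` condition, a `post { failure }` block also fires when a destroy run fails, which is why the guard sits in the post block rather than relying on stage `when` conditions.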
