gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

DEV-1229 Switch to ansible-builder v3

Browse Source
main
Michael Hähnel 2 years ago
parent 2ea8479002
commit 0698aaf234
6 changed files with 66 additions and 85 deletions
Show Stats Download Patch File Download Diff File

56
.gitlab-ci.yml
Unescape Escape View File

@ -4,10 +4,10 @@ variables:
ANSIBLE_HOST_KEY_CHECKING: "false"
ANSIBLE_FORCE_COLOR: "true"
image: docker.dev-at.de/smardigo/smardigo-ci-ansible
image: docker.dev-at.de/gitlab/gitlab-ci-ansible:latest
services:
- name: docker-cache.dev-at.de/docker:19-dind
- name: docker.dev-at.de/gitlab/gitlab-ci-ansible:latest
alias: docker
stages:
@ -24,11 +24,11 @@ stages:
###############################################################################
### http://patorjk.com/software/taag/#p=display&f=Doom&t=lint
### _ _ _
### | (_) | |
### | |_ _ __ | |_
### _ _ _
### | (_) | |
### | |_ _ __ | |_
### | | | '_ \| __|
### | | | | | | |_
### | | | | | | |_
### |_|_|_| |_|\__|
###
###############################################################################
@ -47,13 +47,13 @@ lint-job:
###############################################################################
### https://patorjk.com/software/taag/#p=display&f=Doom&t=ansible-builder
### _ _ _ _ _ _ _
### (_) | | | | | (_) | | |
### __ _ _ __ ___ _| |__ | | ___ ______| |__ _ _ _| | __| | ___ _ __
### _ _ _ _ _ _ _
### (_) | | | | | (_) | | |
### __ _ _ __ ___ _| |__ | | ___ ______| |__ _ _ _| | __| | ___ _ __
### / _` | '_ \/ __| | '_ \| |/ _ \______| '_ \| | | | | |/ _` |/ _ \ '__|
### | (_| | | | \__ \ | |_) | | __/ | |_) | |_| | | | (_| | __/ |
### \__,_|_| |_|___/_|_.__/|_|\___| |_.__/ \__,_|_|_|\__,_|\___|_|
###
### | (_| | | | \__ \ | |_) | | __/ | |_) | |_| | | | (_| | __/ |
### \__,_|_| |_|___/_|_.__/|_|\___| |_.__/ \__,_|_|_|\__,_|\___|_|
###
###############################################################################
.builder-job:
@ -62,8 +62,8 @@ lint-job:
- echo "CI_ENVIRONMENT_NAME=$CI_ENVIRONMENT_NAME"
script:
- cp $SSH_KEY_GITLAB_CI_BUILDER_FILE ansible-builder/context/id_ed25519
- echo "Running docker build to build awx execution environment"
- docker build -f ansible-builder/context/Dockerfile -t ${CI_ENVIRONMENT_NAME}-${AWX_EE_DOCKER_IMAGE_EXTERN}:latest .
- echo "Running ansible-builder to build awx execution environment"
- ansible-builder build -f ansible-builder/context/Dockerfile --tag ${CI_ENVIRONMENT_NAME}-${AWX_EE_DOCKER_IMAGE_EXTERN}:latest -c ansible-builder/context
- docker push ${CI_ENVIRONMENT_NAME}-${AWX_EE_DOCKER_IMAGE_EXTERN}:latest
except:
- schedules
@ -147,22 +147,22 @@ builder-job-prodnso-manual:
###############################################################################
### http://patorjk.com/software/taag/#p=display&f=Doom&t=setup.yml
### _ _
### _ _
### | | | |
### ___ ___| |_ _ _ _ __ _ _ _ __ ___ | |
### / __|/ _ \ __| | | | '_ \| | | | '_ ` _ \| |
### \__ \ __/ |_| |_| | |_) | |_| | | | | | | |
### |___/\___|\__|\__,_| .__(_)__, |_| |_| |_|_|
### | | __/ |
### |_| |___/
###
### | | __/ |
### |_| |___/
###
###############################################################################
.run-setup:
extends: .run-ansible
stage: run-setup
before_script:
- echo "CI_ENVIRONMENT_NAME=$CI_ENVIRONMENT_NAME"
- echo "CI_ENVIRONMENT_NAME=$CI_ENVIRONMENT_NAME"
script:
- "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
- eval $(ssh-agent -s)
@ -237,18 +237,17 @@ run-setup-demompmx:
only:
- prodnso
###############################################################################
### http://patorjk.com/software/taag/#p=display&f=Doom&t=vpn.yml
### _
### _
### | |
### __ ___ __ _ __ _ _ _ __ ___ | |
### \ \ / / '_ \| '_ \ | | | | '_ ` _ \| |
### \ V /| |_) | | | || |_| | | | | | | |
### \_/ | .__/|_| |_(_)__, |_| |_| |_|_|
### | | __/ |
### |_| |___/
###
### | | __/ |
### |_| |___/
###
###############################################################################
.vpn-config-update:
@ -256,7 +255,7 @@ run-setup-demompmx:
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
stage: run-update
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
@ -307,7 +306,6 @@ run-vpn-update-prodnso:
only:
- prodnso
###############################################################################
### http://patorjk.com/software/taag/#p=display&f=Doom&t=smardigo.yml
###
@ -786,14 +784,14 @@ run-patchday-all-k8s-demompmx:
###############################################################################
### http://patorjk.com/software/taag/#p=display&f=Doom&t=hcloud-firewall.yml
###
### _ _ _ __ _ _ _ _
### _ _ _ __ _ _ _ _
### | | | | | | / _(_) | | | | |
### | |__ ___| | ___ _ _ __| |______| |_ _ _ __ _____ ____ _| | | _ _ _ __ ___ | |
### | '_ \ / __| |/ _ \| | | |/ _` |______| _| | '__/ _ \ \ /\ / / _` | | || | | | '_ ` _ \| |
### | | | | (__| | (_) | |_| | (_| | | | | | | | __/\ V V / (_| | | || |_| | | | | | | |
### |_| |_|\___|_|\___/ \__,_|\__,_| |_| |_|_| \___| \_/\_/ \__,_|_|_(_)__, |_| |_| |_|_|
### __/ |
### |___/
### __/ |
### |___/
###
###############################################################################

3
ansible-builder/bindep.txt
Unescape Escape View File

@ -1,4 +1,5 @@
python38-devel [platform:rpm compile]
git-core [platform:rpm]
subversion [platform:rpm]
subversion [platform:dpkg]
git-lfs [platform:rpm]
epel-release [platform:rpm]

1
ansible-builder/context/.gitignore vendored
Unescape Escape View File

@ -1 +1,2 @@
/_build/
Dockerfile

45
ansible-builder/context/Dockerfile
Unescape Escape View File

@ -1,45 +0,0 @@
ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:stable-2.12-latest
ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest
FROM $EE_BASE_IMAGE as galaxy
ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=
USER root
RUN mkdir -p /root/.ssh
ADD ansible-builder/context/id_ed25519 /root/.ssh/id_ed25519
RUN chmod -R 700 /root/.ssh
RUN mkdir /build
WORKDIR /build
ADD galaxy-requirements.yml requirements.yml
ADD pip-requirements requirements.txt
ADD ansible-builder/bindep.txt bindep.txt
RUN ssh-keyscan git.dev-at.de >> /root/.ssh/known_hosts
RUN eval $(ssh-agent) && ssh-add /root/.ssh/id_ed25519 && ansible-galaxy role install -r requirements.yml --roles-path /usr/share/ansible/roles
RUN ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path /usr/share/ansible/collections --server https://old-galaxy.ansible.com
FROM $EE_BUILDER_IMAGE as builder
COPY --from=galaxy /usr/share/ansible /usr/share/ansible
ADD pip-requirements requirements.txt
ADD ansible-builder/bindep.txt bindep.txt
RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
RUN assemble
FROM $EE_BASE_IMAGE
USER root
COPY --from=galaxy /usr/share/ansible /usr/share/ansible
COPY --from=builder /output/ /output/
RUN /output/install-from-bindep && rm -rf /output/wheels
RUN alternatives --set python /usr/bin/python3
COPY --from=quay.io/project-receptor/receptor:0.9.7 /usr/bin/receptor /usr/bin/receptor
RUN mkdir -p /var/run/receptor
ADD ansible-builder/context/run.sh /run.sh
CMD /run.sh
USER 1000
RUN git lfs install

2
ansible-builder/context/run.sh
Unescape Escape View File

@ -1,2 +0,0 @@
#! /bin/bash
ansible-runner worker --private-data-dir=/runner

44
ansible-builder/execution-environment.yml
Unescape Escape View File

@ -1,16 +1,44 @@
---
version: 1
version: 3
build_arg_defaults:
ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: "--pre"
dependencies:
ansible_core:
package_pip: ansible-core~=2.12
ansible_runner:
package_pip: ansible-runner
galaxy: ../galaxy-requirements.yml
python: ../pip-requirements
python_interpreter:
package_system: "python311"
python_path: "/usr/bin/python3.11"
system: bindep.txt
images:
base_image:
name: quay.io/centos/centos:stream9-minimal
additional_build_files:
- src: ../ansible.cfg
dest: configs
options:
package_manager_path: /usr/bin/microdnf
additional_build_steps:
append:
- RUN alternatives --set python /usr/bin/python3
- COPY --from=quay.io/project-receptor/receptor:0.9.7 /usr/bin/receptor /usr/bin/receptor
append_base:
- RUN $PYCMD -m pip install -U pip
prepend_galaxy:
- ADD _build/configs/ansible.cfg ~/.ansible.cfg
- RUN microdnf install -y git-lfs openssh-clients
- RUN mkdir -p /root/.ssh
- ADD id_ed25519 /root/.ssh/id_ed25519
- RUN chmod -R 700 /root/.ssh
- RUN ssh-keyscan git.dev-at.de >> /root/.ssh/known_hosts
- RUN eval $(ssh-agent) && ssh-add /root/.ssh/id_ed25519
append_final:
- COPY --from=quay.io/ansible/receptor:devel /usr/bin/receptor /usr/bin/receptor
- RUN mkdir -p /var/run/receptor
- ADD run.sh /run.sh
- CMD /run.sh
- USER 1000
- RUN git lfs install
- RUN git lfs install --system

Write Preview
Loading…
Cancel
Save