feature: combined management and vpn updates to one gitlab stage

qa
Sven Ketelsen 3 years ago committed by Michael Hähnel
parent fa856141cf
commit 3f60665dee

@ -13,10 +13,9 @@ services:
stages: stages:
- lint - lint
- ansible-builder - ansible-builder
- run-vpn-config-update
- run-setup - run-setup
- run-setup-digitalocean - run-setup-digitalocean
- run-management-update - run-update
- run-patchday-elastic-postgres - run-patchday-elastic-postgres
- run-patchday-all-k8s - run-patchday-all-k8s
- run-hcloud-firewall - run-hcloud-firewall
@ -117,70 +116,6 @@ builder-job-prodnso-manual:
- dind - dind
- harbor # 05.02.22 TODO some runners run into timeouts - harbor # 05.02.22 TODO some runners run into timeouts
##################################################################################
### http://patorjk.com/software/taag/#p=display&f=Doom&t=vpn.yml
### _
### | |
### __ ___ __ _ __ _ _ _ __ ___ | |
### \ \ / / '_ \| '_ \ | | | | '_ ` _ \| |
### \ V /| |_) | | | || |_| | | | | | | |
### \_/ | .__/|_| |_(_)__, |_| |_| |_|_|
### | | __/ |
### |_| |___/
###
.vpn-config-update:
extends: .run-ansible
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
stage: run-vpn-config-update
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml vpn.yml --vault-password-file /tmp/vault-pass -u gitlabci
only:
changes:
- usser/**/wireguard.yml
except:
- schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
vpn-config-update-dev:
extends: .vpn-config-update
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: dev
before_script:
- export STAGE=dev
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
only:
- main
vpn-config-update-qa:
extends: .vpn-config-update
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: qa
before_script:
- export STAGE=qa
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
only:
- qa
vpn-config-update-prodnso:
extends: .vpn-config-update
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: prodnso
before_script:
- export STAGE=prodnso
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
only:
- prodnso
######## ########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=setup.yml ### http://patorjk.com/software/taag/#p=display&f=Doom&t=setup.yml
@ -267,6 +202,72 @@ run-setup-demompmx:
- prodnso - prodnso
##################################################################################
### http://patorjk.com/software/taag/#p=display&f=Doom&t=vpn.yml
### _
### | |
### __ ___ __ _ __ _ _ _ __ ___ | |
### \ \ / / '_ \| '_ \ | | | | '_ ` _ \| |
### \ V /| |_) | | | || |_| | | | | | | |
### \_/ | .__/|_| |_(_)__, |_| |_| |_|_|
### | | __/ |
### |_| |___/
###
.vpn-config-update:
extends: .run-ansible
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
stage: run-update
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml vpn.yml --vault-password-file /tmp/vault-pass -u gitlabci
only:
changes:
- usser/**/wireguard.yml
except:
- schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
vpn-config-update-dev:
extends: .vpn-config-update
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: dev
before_script:
- export STAGE=dev
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
only:
- main
vpn-config-update-qa:
extends: .vpn-config-update
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: qa
before_script:
- export STAGE=qa
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
only:
- qa
vpn-config-update-prodnso:
extends: .vpn-config-update
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: prodnso
before_script:
- export STAGE=prodnso
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
only:
- prodnso
######## ########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=smardigo.yml ### http://patorjk.com/software/taag/#p=display&f=Doom&t=smardigo.yml
### ###
@ -281,7 +282,7 @@ run-setup-demompmx:
.run-management-update: .run-management-update:
extends: .run-ansible extends: .run-ansible
stage: run-management-update stage: run-update
script: script:
- "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )" - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
- eval $(ssh-agent -s) - eval $(ssh-agent -s)
@ -336,6 +337,7 @@ run-management-update-demompmx:
only: only:
- prodnso - prodnso
######## ########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=patchday.yml ### http://patorjk.com/software/taag/#p=display&f=Doom&t=patchday.yml
### ###
@ -612,6 +614,7 @@ run-patchday-k8s-demompmx:
rules: rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"
######## ########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=hcloud-firewall.yml ### http://patorjk.com/software/taag/#p=display&f=Doom&t=hcloud-firewall.yml
### ###
@ -689,6 +692,7 @@ run-hcloud-firewall-demompmx:
only: only:
- prodnso - prodnso
######## ########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=Digitialocean ### http://patorjk.com/software/taag/#p=display&f=Doom&t=Digitialocean
### ###
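Review bot: The relocated `.vpn-config-update` script still appends `StrictHostKeyChecking no` for `Host *` to `~/.ssh/config`, so the `ansible-playbook … vpn.yml` run that pushes the WireGuard configuration does not verify the identity of any target host. Since the block is being moved anyway, consider replacing that line with pinned host keys from a CI variable, e.g. `- echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` (the variable name is a placeholder for one the project would define). The per-stage `before_script` entries also write the vault password to `/tmp/vault-pass` under the default umask, and nothing visible removes it afterwards; `- (umask 077; echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass)` plus an `after_script` that deletes the file would narrow that exposure. Separately, the VPN and management update jobs now share stage `run-update` and may run concurrently against the same hosts unless their `resource_group` values coincide, which is not visible here for `.run-management-update`.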
