feature: combined management and vpn updates to one gitlab stage

qa
Sven Ketelsen 3 years ago committed by Michael Hähnel
parent fa856141cf
commit 3f60665dee

@ -13,10 +13,9 @@ services:
stages:
- lint
- ansible-builder
- run-vpn-config-update
- run-setup
- run-setup-digitalocean
- run-management-update
- run-update
- run-patchday-elastic-postgres
- run-patchday-all-k8s
- run-hcloud-firewall
@ -117,70 +116,6 @@ builder-job-prodnso-manual:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
##################################################################################
### http://patorjk.com/software/taag/#p=display&f=Doom&t=vpn.yml
### _
### | |
### __ ___ __ _ __ _ _ _ __ ___ | |
### \ \ / / '_ \| '_ \ | | | | '_ ` _ \| |
### \ V /| |_) | | | || |_| | | | | | | |
### \_/ | .__/|_| |_(_)__, |_| |_| |_|_|
### | | __/ |
### |_| |___/
###
.vpn-config-update:
extends: .run-ansible
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
stage: run-vpn-config-update
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml vpn.yml --vault-password-file /tmp/vault-pass -u gitlabci
only:
changes:
- usser/**/wireguard.yml
except:
- schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
vpn-config-update-dev:
extends: .vpn-config-update
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: dev
before_script:
- export STAGE=dev
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
only:
- main
vpn-config-update-qa:
extends: .vpn-config-update
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: qa
before_script:
- export STAGE=qa
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
only:
- qa
vpn-config-update-prodnso:
extends: .vpn-config-update
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: prodnso
before_script:
- export STAGE=prodnso
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
only:
- prodnso
########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=setup.yml
@ -267,6 +202,72 @@ run-setup-demompmx:
- prodnso
##################################################################################
### http://patorjk.com/software/taag/#p=display&f=Doom&t=vpn.yml
### _
### | |
### __ ___ __ _ __ _ _ _ __ ___ | |
### \ \ / / '_ \| '_ \ | | | | '_ ` _ \| |
### \ V /| |_) | | | || |_| | | | | | | |
### \_/ | .__/|_| |_(_)__, |_| |_| |_|_|
### | | __/ |
### |_| |___/
###
.vpn-config-update:
extends: .run-ansible
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
stage: run-update
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml vpn.yml --vault-password-file /tmp/vault-pass -u gitlabci
only:
changes:
- usser/**/wireguard.yml
except:
- schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
vpn-config-update-dev:
extends: .vpn-config-update
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: dev
before_script:
- export STAGE=dev
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
only:
- main
vpn-config-update-qa:
extends: .vpn-config-update
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: qa
before_script:
- export STAGE=qa
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
only:
- qa
vpn-config-update-prodnso:
extends: .vpn-config-update
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: prodnso
before_script:
- export STAGE=prodnso
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
only:
- prodnso
########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=smardigo.yml
###
@ -281,7 +282,7 @@ run-setup-demompmx:
.run-management-update:
extends: .run-ansible
stage: run-management-update
stage: run-update
script:
- "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
- eval $(ssh-agent -s)
@ -336,6 +337,7 @@ run-management-update-demompmx:
only:
- prodnso
########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=patchday.yml
###
@ -612,6 +614,7 @@ run-patchday-k8s-demompmx:
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"
########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=hcloud-firewall.yml
###
@ -689,6 +692,7 @@ run-hcloud-firewall-demompmx:
only:
- prodnso
########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=Digitialocean
###
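Review bot: The re-added `.vpn-config-update` template (third hunk) still appends `StrictHostKeyChecking no` for `Host *` to `~/.ssh/config` whenever `/.dockerenv` exists, so the `ansible-playbook ... vpn.yml --vault-password-file /tmp/vault-pass` run accepts any host key and cannot tell a substituted host from the real target. Since the block is being moved anyway, pin the targets' keys instead, for example `echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` with `SSH_KNOWN_HOSTS` (placeholder name) supplied as a CI/CD variable, and drop the `StrictHostKeyChecking no` line. The per-stage `before_script` lines `echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass` (and the QA/PRODNSO variants) create the vault password file under the default umask and nothing visible here removes it; `umask 077` before the write plus `rm -f /tmp/vault-pass` in an `after_script` would limit exposure on shared runners, assuming `.run-ansible` (not shown) does not already do this. Separately, each concrete job sets `only: - main` / `- qa` / `- prodnso` as a list, which under GitLab's `extends` merge likely replaces the template's `only: changes:` mapping, so the `wireguard.yml` path filter may never apply; this is worth confirming now that these jobs share the `run-update` stage with the management update.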
