gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

DEV-1114 patchday: extracted harbor/maria in own stages

Browse Source
qa
Sven Ketelsen 3 years ago
parent 9229359a4c
commit 685eef3a5c
1 changed files with 85 additions and 42 deletions
Show Stats Download Patch File Download Diff File

127
patchday.yml
Unescape Escape View File

@ -5,7 +5,7 @@
- hosts: prometheus - hosts: prometheus
vars: vars:
start: '{{ ansible_date_time.epoch }}' start: "{{ ansible_date_time.epoch }}"
tasks: tasks:
- name: "DO some stuff for silencing" - name: "DO some stuff for silencing"
@ -22,8 +22,8 @@
- name: job - name: job
value: .+ value: .+
isRegex: true isRegex: true
startsAt: '{{ silence_starts_at }}' startsAt: "{{ silence_starts_at }}"
endsAt: '{{ silence_ends_at }}' endsAt: "{{ silence_ends_at }}"
createdBy: patchday-automatism createdBy: patchday-automatism
comment: patchday comment: patchday
id: id:
@ -38,15 +38,15 @@
headers: headers:
Content-Type: application/json Content-Type: application/json
body_format: json body_format: json
body: '{{ silence | to_json }}' body: "{{ silence | to_json }}"
rescue: rescue:
- name: "Rescue silencing - sending mail to DEVOPS-DL" - name: "Rescue silencing - sending mail to DEVOPS-DL"
delegate_to: '{{ stage }}-mail-01' delegate_to: "{{ stage }}-mail-01"
community.general.mail: community.general.mail:
host: localhost host: localhost
port: 25 port: 25
to: '{{ devops_email_address }}' to: "{{ devops_email_address }}"
subject: "patchday( {{ lookup('pipe','date +%Y-%m-%d_%H:%M') }} ) problem report for failed silencing" subject: "patchday( {{ lookup('pipe','date +%Y-%m-%d_%H:%M') }} ) problem report for failed silencing"
body: | body: |
Dear Sir or Madam, Dear Sir or Madam,
@ -59,6 +59,50 @@
your automation-bofh your automation-bofh
- hosts: harbor
serial: 1
become: yes
tasks:
- name: "Smardigo Patchday: update pkgs"
ansible.builtin.apt:
upgrade: yes
update_cache: yes
autoremove: yes
autoclean: yes
- name: "Smardigo Patchday: find docker_compose.yml files"
ansible.builtin.find:
paths: "{{ service_base_path }}"
pattern: 'docker*.yml'
recurse: yes
register: docker_compose_services
- name: "Smardigo Patchday: shutdown services"
community.docker.docker_compose:
project_src: "{{ item | dirname }}"
state: absent
loop: "{{ docker_compose_services.files | map(attribute='path') | select('match', '.*/'+stage+'-.*') }}"
- name: "Smardigo Patchday: rebooting <{{ inventory_hostname }}>"
ansible.builtin.reboot:
post_reboot_delay: 30
reboot_timeout: 300
- name: "Smardigo Patchday: wait_for host after reboot"
become: no
delegate_to: localhost
ansible.builtin.wait_for:
delay: 15
timeout: 180
port: 22
host: "{{ stage_server_ip }}"
search_regex: OpenSSH
- name: "Smardigo Patchday: start services"
community.docker.docker_compose:
project_src: "{{ item | dirname }}"
state: present
loop: "{{ docker_compose_services.files | map(attribute='path') }}"
- hosts: elastic - hosts: elastic
serial: 1 serial: 1
@ -73,16 +117,16 @@
- name: "Smardigo Patchday: find docker_compose.yml files" - name: "Smardigo Patchday: find docker_compose.yml files"
ansible.builtin.find: ansible.builtin.find:
paths: '{{ service_base_path }}' paths: "{{ service_base_path }}"
pattern: 'docker*.yml' pattern: 'docker*.yml'
recurse: yes recurse: yes
register: docker_compose_services register: docker_compose_services
- name: "Smardigo Patchday: shutdown services" - name: "Smardigo Patchday: shutdown services"
community.docker.docker_compose: community.docker.docker_compose:
project_src: '{{ item.path | dirname }}' project_src: "{{ item | dirname }}"
state: absent state: absent
loop: '{{ docker_compose_services.files }}' loop: "{{ docker_compose_services.files | map(attribute='path') | select('match', '.*/'+stage+'-.*') }}"
- name: "Smardigo Patchday: rebooting <{{ inventory_hostname }}>" - name: "Smardigo Patchday: rebooting <{{ inventory_hostname }}>"
ansible.builtin.reboot: ansible.builtin.reboot:
@ -96,14 +140,14 @@
delay: 15 delay: 15
timeout: 180 timeout: 180
port: 22 port: 22
host: '{{ stage_server_ip }}' host: "{{ stage_server_ip }}"
search_regex: OpenSSH search_regex: OpenSSH
- name: "Smardigo Patchday: start services" - name: "Smardigo Patchday: start services"
community.docker.docker_compose: community.docker.docker_compose:
project_src: '{{ item.path | dirname }}' project_src: "{{ item.path | dirname }}"
state: present state: present
loop: '{{ docker_compose_services.files }}' loop: "{{ docker_compose_services.files }}"
- name: "Smardigo Patchday: wait until cluster is green" - name: "Smardigo Patchday: wait until cluster is green"
ansible.builtin.uri: ansible.builtin.uri:
@ -151,7 +195,7 @@
delay: 15 delay: 15
timeout: 180 timeout: 180
port: 22 port: 22
host: '{{ stage_server_ip }}' host: "{{ stage_server_ip }}"
search_regex: OpenSSH search_regex: OpenSSH
- name: "Open and mount LUKS encrypted LVM for datadir" - name: "Open and mount LUKS encrypted LVM for datadir"
@ -187,7 +231,7 @@
community.postgresql.postgresql_ping: community.postgresql.postgresql_ping:
port: 5432 port: 5432
ssl_mode: require ssl_mode: require
login_host: '{{ stage_private_server_ip }}' login_host: "{{ stage_private_server_ip }}"
register: check_postgres register: check_postgres
ignore_errors: true ignore_errors: true
@ -206,18 +250,18 @@
community.postgresql.postgresql_ping: community.postgresql.postgresql_ping:
port: 5432 port: 5432
ssl_mode: require ssl_mode: require
login_host: '{{ stage_private_server_ip }}' login_host: "{{ stage_private_server_ip }}"
register: check_postgres_again register: check_postgres_again
retries: 5 retries: 5
failed_when: not check_postgres_again.is_available failed_when: not check_postgres_again.is_available
rescue: rescue:
- name: "Smardigo Patchday: error-handling - send mail to DEVOPS-DL" - name: "Smardigo Patchday: error-handling - send mail to DEVOPS-DL"
delegate_to: '{{ stage }}-mail-01' delegate_to: "{{ stage }}-mail-01"
community.general.mail: community.general.mail:
host: localhost host: localhost
port: 25 port: 25
to: '{{ devops_email_address }}' to: "{{ devops_email_address }}"
subject: "patchday( {{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }} ) problem report for {{ inventory_hostname }}" subject: "patchday( {{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }} ) problem report for {{ inventory_hostname }}"
body: | body: |
Dear Sir or Madam, Dear Sir or Madam,
@ -245,16 +289,16 @@
- name: "Smardigo Patchday: find docker_compose.yml files" - name: "Smardigo Patchday: find docker_compose.yml files"
ansible.builtin.find: ansible.builtin.find:
paths: '{{ service_base_path }}' paths: "{{ service_base_path }}"
pattern: 'docker*.yml' pattern: 'docker*.yml'
recurse: true recurse: true
register: docker_compose_services register: docker_compose_services
- name: "Smardigo Patchday: shutdown services" - name: "Smardigo Patchday: shutdown services"
community.docker.docker_compose: community.docker.docker_compose:
project_src: '{{ item.path | dirname }}' project_src: "{{ item | dirname }}"
state: absent state: absent
loop: '{{ docker_compose_services.files }}' loop: "{{ docker_compose_services.files | map(attribute='path') | select('match', '.*/'+stage+'-.*') }}"
- name: "Smardigo Patchday: rebooting <{{ inventory_hostname }}>" - name: "Smardigo Patchday: rebooting <{{ inventory_hostname }}>"
ansible.builtin.reboot: ansible.builtin.reboot:
@ -268,16 +312,16 @@
delay: 15 delay: 15
timeout: 180 timeout: 180
port: 22 port: 22
host: '{{ stage_server_ip }}' host: "{{ stage_server_ip }}"
search_regex: OpenSSH search_regex: OpenSSH
- name: "Smardigo Patchday: start services" - name: "Smardigo Patchday: start services"
community.docker.docker_compose: community.docker.docker_compose:
project_src: '{{ item.path | dirname }}' project_src: "{{ item | dirname }}"
state: present state: present
loop: '{{ docker_compose_services.files }}' loop: "{{ docker_compose_services.files | map(attribute='path') | select('match', '.*/'+stage+'-.*') }}"
- hosts: all,!elastic,!postgres,!k8s_cluster,!iam,!restore,!keycloak - hosts: all,!harbor,!elastic,!postgres,!iam,!keycloak,!k8s_cluster,!restore
serial: 10 serial: 10
become: yes become: yes
tasks: tasks:
@ -296,16 +340,16 @@
- name: "Smardigo Patchday: find docker_compose.yml files" - name: "Smardigo Patchday: find docker_compose.yml files"
ansible.builtin.find: ansible.builtin.find:
paths: '{{ service_base_path }}' paths: "{{ service_base_path }}"
pattern: 'docker*.yml' pattern: 'docker*.yml'
recurse: yes recurse: yes
register: docker_compose_services register: docker_compose_services
- name: "Smardigo Patchday: shutdown services" - name: "Smardigo Patchday: shutdown services"
community.docker.docker_compose: community.docker.docker_compose:
project_src: '{{ item.path | dirname }}' project_src: "{{ item.path | dirname }}"
state: absent state: absent
loop: '{{ docker_compose_services.files }}' loop: "{{ docker_compose_services.files }}"
- name: "Smardigo Patchday: rebooting <{{ inventory_hostname }}>" - name: "Smardigo Patchday: rebooting <{{ inventory_hostname }}>"
ansible.builtin.reboot: ansible.builtin.reboot:
@ -319,14 +363,14 @@
delay: 15 delay: 15
timeout: 180 timeout: 180
port: 22 port: 22
host: '{{ stage_server_ip }}' host: "{{ stage_server_ip }}"
search_regex: OpenSSH search_regex: OpenSSH
- name: "Smardigo Patchday: start services" - name: "Smardigo Patchday: start services"
community.docker.docker_compose: community.docker.docker_compose:
project_src: '{{ item.path | dirname }}' project_src: "{{ item.path | dirname }}"
state: present state: present
loop: '{{ docker_compose_services.files }}' loop: "{{ docker_compose_services.files }}"
- name: "Ensure SMA-portal is up and running" - name: "Ensure SMA-portal is up and running"
# there is a hard dependency within SMA-portal (VM: <<stage>>-management-01) during application start process # there is a hard dependency within SMA-portal (VM: <<stage>>-management-01) during application start process
@ -366,20 +410,19 @@
- name: "Smardigo Patchday: SMA-portal not reachable - shutdown services" - name: "Smardigo Patchday: SMA-portal not reachable - shutdown services"
community.docker.docker_compose: community.docker.docker_compose:
project_src: '{{ item.path | dirname }}' project_src: "{{ item.path | dirname }}"
state: absent state: absent
loop: '{{ docker_compose_services.files }}' loop: "{{ docker_compose_services.files }}"
- name: "Smardigo Patchday: SMA-portal not reachable - start services again" - name: "Smardigo Patchday: SMA-portal not reachable - start services again"
community.docker.docker_compose: community.docker.docker_compose:
project_src: '{{ item.path | dirname }}' project_src: "{{ item.path | dirname }}"
state: present state: present
loop: '{{ docker_compose_services.files }}' loop: "{{ docker_compose_services.files }}"
when: when:
- "'management' in inventory_hostname" - "'management' in inventory_hostname"
- hosts: k8s_cluster - hosts: k8s_cluster
serial: 1 serial: 1
become: yes become: yes
@ -403,9 +446,9 @@
- name: "Smardigo Patchday: stop k8s basic services" - name: "Smardigo Patchday: stop k8s basic services"
ansible.builtin.systemd: ansible.builtin.systemd:
name: '{{ item }}' name: "{{ item }}"
state: stopped state: stopped
loop: '{{ k8s_basic_services }}' loop: "{{ k8s_basic_services }}"
- name: "Smardigo Patchday: update pkgs" - name: "Smardigo Patchday: update pkgs"
ansible.builtin.apt: ansible.builtin.apt:
@ -426,21 +469,21 @@
delay: 15 delay: 15
timeout: 180 timeout: 180
port: 22 port: 22
host: '{{ stage_server_ip }}' host: "{{ stage_server_ip }}"
search_regex: OpenSSH search_regex: OpenSSH
- name: "Smardigo Patchday: start k8s basic services" - name: "Smardigo Patchday: start k8s basic services"
ansible.builtin.systemd: ansible.builtin.systemd:
name: '{{ item }}' name: "{{ item }}"
state: started state: started
loop: '{{ k8s_basic_services }}' loop: "{{ k8s_basic_services }}"
- name: "Smardigo Patchday: wait for node readiness" - name: "Smardigo Patchday: wait for node readiness"
delegate_to: "{{ groups['kube_control_plane'][0] }}" delegate_to: "{{ groups['kube_control_plane'][0] }}"
kubernetes.core.k8s: kubernetes.core.k8s:
kind: Node kind: Node
state: present state: present
name: '{{ inventory_hostname | lower }}' name: "{{ inventory_hostname | lower }}"
wait_condition: wait_condition:
reason: KubeletReady reason: KubeletReady
type: Ready type: Ready
@ -453,4 +496,4 @@
delegate_to: "{{ groups['kube_control_plane'][0] }}" delegate_to: "{{ groups['kube_control_plane'][0] }}"
kubernetes.core.k8s_drain: kubernetes.core.k8s_drain:
state: uncordon state: uncordon
name: '{{ inventory_hostname }}' name: "{{ inventory_hostname }}"

Write Preview
Loading…
Cancel
Save