gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

DEV-419: parallelized patchday for all stages

Browse Source
qa
Hoan To 3 years ago committed by Michael Hähnel
parent 91303a458d
commit e1e13fd591
1 changed files with 177 additions and 16 deletions
Show Stats Download Patch File Download Diff File

193
.gitlab-ci.yml
Unescape Escape View File

@ -16,7 +16,8 @@ stages:
- run-setup - run-setup
- run-setup-digitalocean - run-setup-digitalocean
- run-management-update - run-management-update
- run-patchday - run-patchday-elastic-postgres
- run-patchday-all-k8s
- run-hcloud-firewall - run-hcloud-firewall
lint-job: lint-job:
@ -264,8 +265,7 @@ run-management-update-prodnso:
.run-patchday: .run-patchday:
extends: .run-ansible extends: .run-ansible
stage: run-patchday before_script:
script:
- "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )" - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
- eval $(ssh-agent -s) - eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
@ -273,54 +273,215 @@ run-management-update-prodnso:
- chmod 0700 ~/.ssh - chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L - ssh-add -L
timeout: 2h
run-patchday-elastic-dev:
extends: .run-patchday
stage: run-patchday-elastic-postgres
resource_group: dev
script:
- export STAGE=dev
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic'
after_script: after_script:
- rm /tmp/vault-pass - rm /tmp/vault-pass
timeout: 2h rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"
run-patchday-dev: run-patchday-postgres-dev:
extends: .run-patchday extends: .run-patchday
stage: run-patchday-elastic-postgres
resource_group: dev resource_group: dev
before_script: script:
- export STAGE=dev
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres'
after_script:
- rm /tmp/vault-pass
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"
run-patchday-all-dev:
extends: .run-patchday
stage: run-patchday-all-k8s
resource_group: dev
script:
- export STAGE=dev
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster'
after_script:
- rm /tmp/vault-pass
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"
run-patchday-k8s-dev:
extends: .run-patchday
stage: run-patchday-all-k8s
resource_group: dev
script:
- export STAGE=dev - export STAGE=dev
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
after_script:
- rm /tmp/vault-pass
rules: rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"
run-patchday-devscr: run-patchday-k8s-devscr:
extends: .run-patchday extends: .run-patchday
stage: run-patchday-all-k8s
resource_group: devscr resource_group: devscr
before_script: script:
- export STAGE=devscr - export STAGE=devscr
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_DEVSCR}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_DEVSCR}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
after_script:
- rm /tmp/vault-pass
rules: rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"
run-patchday-qa: run-patchday-elastic-qa:
extends: .run-patchday extends: .run-patchday
stage: run-patchday-elastic-postgres
resource_group: qa resource_group: qa
before_script: script:
- export STAGE=qa
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic'
after_script:
- rm /tmp/vault-pass
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa"
run-patchday-postgres-qa:
extends: .run-patchday
stage: run-patchday-elastic-postgres
resource_group: qa
script:
- export STAGE=qa
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres'
after_script:
- rm /tmp/vault-pass
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa"
run-patchday-all-qa:
extends: .run-patchday
stage: run-patchday-all-k8s
resource_group: qa
script:
- export STAGE=qa - export STAGE=qa
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster'
after_script:
- rm /tmp/vault-pass
rules: rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa" - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa"
run-patchday-prodnso: run-patchday-k8s-qa:
extends: .run-patchday extends: .run-patchday
stage: run-patchday-all-k8s
resource_group: qa
script:
- export STAGE=qa
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
after_script:
- rm /tmp/vault-pass
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa"
run-patchday-elastic-prodnso:
extends: .run-patchday
stage: run-patchday-elastic-postgres
resource_group: prodnso resource_group: prodnso
before_script: script:
- export STAGE=prodnso
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic'
after_script:
- rm /tmp/vault-pass
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"
run-patchday-postgres-prodnso:
extends: .run-patchday
stage: run-patchday-elastic-postgres
resource_group: prodnso
script:
- export STAGE=prodnso
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres'
after_script:
- rm /tmp/vault-pass
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"
run-patchday-all-prodnso:
extends: .run-patchday
stage: run-patchday-all-k8s
resource_group: prodnso
script:
- export STAGE=prodnso - export STAGE=prodnso
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster'
after_script:
- rm /tmp/vault-pass
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"
run-patchday-k8s-prodnso:
extends: .run-patchday
stage: run-patchday-all-k8s
resource_group: prodnso
script:
- export STAGE=prodnso
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
after_script:
- rm /tmp/vault-pass
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"
run-patchday-all-prodwork01:
extends: .run-patchday
stage: run-patchday-all-k8s
resource_group: prodwork01
script:
- export STAGE=prodwork01
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!k8s_cluster'
after_script:
- rm /tmp/vault-pass
rules: rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"
run-patchday-prodwork01: run-patchday-k8s-prodwork01:
extends: .run-patchday extends: .run-patchday
stage: run-patchday-all-k8s
resource_group: prodwork01 resource_group: prodwork01
before_script: script:
- export STAGE=prodwork01 - export STAGE=prodwork01
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
after_script:
- rm /tmp/vault-pass
rules: rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"
@ -429,7 +590,7 @@ run-setup-digitalocean:
run-patchday-dev-digitalocean: run-patchday-dev-digitalocean:
extends: .run-ansible extends: .run-ansible
stage: run-patchday stage: run-patchday-all-k8s
before_script: before_script:
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
script: script:

Write Preview
Loading…
Cancel
Save