DEV-419: parallelized patchday for all stages

3 years ago · e1e13fd591
parent 91303a458d
commit e1e13fd591
1 changed files with 177 additions and 16 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -16,7 +16,8 @@ stages:
  - run-setup
  - run-setup-digitalocean
  - run-management-update
-  - run-patchday
+  - run-patchday-elastic-postgres
+  - run-patchday-all-k8s
  - run-hcloud-firewall

 lint-job:
@ -264,8 +265,7 @@ run-management-update-prodnso:

 .run-patchday:
  extends: .run-ansible
-  stage: run-patchday
-  script:
+  before_script:
    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
@ -273,54 +273,215 @@ run-management-update-prodnso:
    - chmod 0700 ~/.ssh
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    - ssh-add -L
+  timeout: 2h
+
+run-patchday-elastic-dev:
+  extends: .run-patchday
+  stage: run-patchday-elastic-postgres
+  resource_group: dev
+  script:
+    - export STAGE=dev
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
-    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
+    - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic'
  after_script:
    - rm /tmp/vault-pass
-  timeout: 2h
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"

-run-patchday-dev:
+run-patchday-postgres-dev:
  extends: .run-patchday
+  stage: run-patchday-elastic-postgres
  resource_group: dev
-  before_script:
+  script:
+    - export STAGE=dev
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
+    - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres'
+  after_script:
+    - rm /tmp/vault-pass
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"
+
+run-patchday-all-dev:
+  extends: .run-patchday
+  stage: run-patchday-all-k8s
+  resource_group: dev
+  script:
+    - export STAGE=dev
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
+    - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster'
+  after_script:
+    - rm /tmp/vault-pass
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"
+
+run-patchday-k8s-dev:
+  extends: .run-patchday
+  stage: run-patchday-all-k8s
+  resource_group: dev
+  script:
    - export STAGE=dev
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
+  after_script:
+    - rm /tmp/vault-pass
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"

-run-patchday-devscr:
+run-patchday-k8s-devscr:
  extends: .run-patchday
+  stage: run-patchday-all-k8s
  resource_group: devscr
-  before_script:
+  script:
    - export STAGE=devscr
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - echo "${ANSIBLE_VAULT_PASS_DEVSCR}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
+  after_script:
+    - rm /tmp/vault-pass
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"

-run-patchday-qa:
+run-patchday-elastic-qa:
  extends: .run-patchday
+  stage: run-patchday-elastic-postgres
  resource_group: qa
-  before_script:
+  script:
+    - export STAGE=qa
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
+    - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic'
+  after_script:
+    - rm /tmp/vault-pass
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa"
+
+run-patchday-postgres-qa:
+  extends: .run-patchday
+  stage: run-patchday-elastic-postgres
+  resource_group: qa
+  script:
+    - export STAGE=qa
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
+    - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres'
+  after_script:
+    - rm /tmp/vault-pass
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa"
+
+run-patchday-all-qa:
+  extends: .run-patchday
+  stage: run-patchday-all-k8s
+  resource_group: qa
+  script:
    - export STAGE=qa
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster'
+  after_script:
+    - rm /tmp/vault-pass
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa"

-run-patchday-prodnso:
+run-patchday-k8s-qa:
  extends: .run-patchday
+  stage: run-patchday-all-k8s
+  resource_group: qa
+  script:
+    - export STAGE=qa
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
+    - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
+  after_script:
+    - rm /tmp/vault-pass
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa"
+
+run-patchday-elastic-prodnso:
+  extends: .run-patchday
+  stage: run-patchday-elastic-postgres
  resource_group: prodnso
-  before_script:
+  script:
+    - export STAGE=prodnso
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
+    - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic'
+  after_script:
+    - rm /tmp/vault-pass
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"
+
+run-patchday-postgres-prodnso:
+  extends: .run-patchday
+  stage: run-patchday-elastic-postgres
+  resource_group: prodnso
+  script:
+    - export STAGE=prodnso
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
+    - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres'
+  after_script:
+    - rm /tmp/vault-pass
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"
+
+run-patchday-all-prodnso:
+  extends: .run-patchday
+  stage: run-patchday-all-k8s
+  resource_group: prodnso
+  script:
    - export STAGE=prodnso
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
+    - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster'
+  after_script:
+    - rm /tmp/vault-pass
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"
+
+run-patchday-k8s-prodnso:
+  extends: .run-patchday
+  stage: run-patchday-all-k8s
+  resource_group: prodnso
+  script:
+    - export STAGE=prodnso
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
+    - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
+  after_script:
+    - rm /tmp/vault-pass
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"
+
+run-patchday-all-prodwork01:
+  extends: .run-patchday
+  stage: run-patchday-all-k8s
+  resource_group: prodwork01
+  script:
+    - export STAGE=prodwork01
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!k8s_cluster'
+  after_script:
+    - rm /tmp/vault-pass
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"

-run-patchday-prodwork01:
+run-patchday-k8s-prodwork01:
  extends: .run-patchday
+  stage: run-patchday-all-k8s
  resource_group: prodwork01
-  before_script:
+  script:
    - export STAGE=prodwork01
+    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
+    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
+  after_script:
+    - rm /tmp/vault-pass
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"

@ -429,7 +590,7 @@ run-setup-digitalocean:

 run-patchday-dev-digitalocean:
  extends: .run-ansible
-  stage: run-patchday
+  stage: run-patchday-all-k8s
  before_script:
    - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
  script: