diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d96b1f5..9d4b4e0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,8 +15,8 @@ stages: - ansible-builder - ansible-run-setup - ansible-run-kubernetes + - ansible-update-management - ansible-patchday - - ansible-management ansible-lint-job: stage: ansible-lint @@ -65,10 +65,10 @@ ansible-builder-job: ### | | __/ | ### |_| |___/ -ansible-run-setup-dev: +.ansible-run-setup: image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest stage: ansible-run-setup - before_script: + script: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' 
@@ -76,64 +76,40 @@ ansible-run-setup-dev: - chmod 0700 ~/.ssh - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - ssh-add -L - script: - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - - STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --tags common --vault-password-file /tmp/vault-pass -u gitlabci + - STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci after_script: - rm /tmp/vault-pass - only: - - main - - schedules tags: - dind - harbor # 05.02.22 TODO some runners run into timeouts + +ansible-run-kubernetes-dev: + extends: .ansible-run-setup resource_group: dev + before_script: + - export STAGE=dev + only: + - main + - schedules -ansible-run-setup-qa: - image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest - stage: ansible-run-setup +ansible-run-kubernetes-qa: + extends: .ansible-run-setup + resource_group: qa before_script: - - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - - eval $(ssh-agent -s) - - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - - mkdir -p ~/.ssh - - chmod 0700 ~/.ssh - - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - script: - - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass - - STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --tags common --vault-password-file /tmp/vault-pass -u gitlabci - after_script: - - rm /tmp/vault-pass + - export STAGE=qa only: - qa - schedules - tags: - - dind - - harbor # 05.02.22 TODO some runners run into timeouts - resource_group: qa -ansible-run-setup-prodnso: - image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest - stage: ansible-run-setup +ansible-run-kubernetes-prodnso: + extends: .ansible-run-setup + resource_group: 
prodnso before_script: - - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - - eval $(ssh-agent -s) - - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - - mkdir -p ~/.ssh - - chmod 0700 ~/.ssh - - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - script: - - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass - - STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --tags common --vault-password-file /tmp/vault-pass -u gitlabci - after_script: - - rm /tmp/vault-pass + - export STAGE=prodnso only: - prodnso - schedules - tags: - - dind - - harbor # 05.02.22 TODO some runners run into timeouts - resource_group: prodnso ######## ### https://patorjk.com/software/taag/#p=display&f=Doom&t=ansible%20-%20run @@ -147,7 +123,7 @@ ansible-run-setup-prodnso: ### __/ | ### |___/ -ansible-run-kubernetes-dev: +.ansible-run-kubernetes: image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest stage: ansible-run-kubernetes before_script: 
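Review bot: The three jobs added in the `@@ -76,64 +76,40 @@` hunk extend `.ansible-run-setup` but are named `ansible-run-kubernetes-dev`, `-qa` and `-prodnso`, the same keys the kubernetes jobs use in the `@@ -158,163 +134,118 @@` hunk. With duplicate mapping keys the later definition normally wins, so the setup playbook would silently stop running for every stage; the names presumably should be `ansible-run-setup-dev:`, `ansible-run-setup-qa:` and `ansible-run-setup-prodnso:`. The shared `script:` also still hard-codes `STAGE=dev &&` and `ANSIBLE_VAULT_PASS_DEV`, which overrides the `export STAGE=...` set by each child, so qa and prodnso pipelines would act on the dev inventory with the dev vault password. Drop the `STAGE=dev &&` prefix and select the vault variable per stage (the removed jobs used `ANSIBLE_VAULT_PASS_QA` and `ANSIBLE_VAULT_PASS_PRODNSO`). `.ansible-run-kubernetes` keeps both hard-coded values, and `.ansible-management` and `.ansible-patchday` keep `ANSIBLE_VAULT_PASS_DEV`.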
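Review bot: `.ansible-run-kubernetes` keeps its commands under `before_script:` (the context line in the `@@ -147,7 +123,7 @@` hunk), and the following hunk removes its `script:` key, so the template ends up with no `script` at all. Each child job then sets its own `before_script: - export STAGE=...`, and because `extends` replaces arrays instead of merging them, the SSH setup, the vault file and the `ansible-playbook` call are all dropped; the jobs should then fail validation for a missing `script`. Rename the key the same way the commit did for `.ansible-run-setup`, i.e. `script:` in place of `before_script:`. The template body continues past this hunk.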
@@ -158,163 +134,118 @@ ansible-run-kubernetes-dev: - chmod 0700 ~/.ssh - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - ssh-add -L - script: - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci after_script: - rm /tmp/vault-pass - only: - - main - - schedules tags: - dind - harbor # 05.02.22 TODO some runners run into timeouts resource_group: dev +ansible-run-kubernetes-dev: + extends: .ansible-run-kubernetes + resource_group: deployment + before_script: + - export STAGE=dev + only: + - main + - schedules + ansible-run-kubernetes-qa: - image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest - stage: ansible-run-kubernetes + extends: .ansible-run-kubernetes + resource_group: qa before_script: - - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - - eval $(ssh-agent -s) - - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - - mkdir -p ~/.ssh - - chmod 0700 ~/.ssh - - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - script: - - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass - - STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci - after_script: - - rm /tmp/vault-pass + - export STAGE=qa only: - qa - schedules - tags: - - dind - - harbor # 05.02.22 TODO some runners run into timeouts - resource_group: qa ansible-run-kubernetes-prodnso: - image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest - stage: ansible-run-kubernetes + extends: .ansible-run-kubernetes + resource_group: prodnso before_script: - - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - - eval $(ssh-agent -s) - - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | 
ssh-add -' - - mkdir -p ~/.ssh - - chmod 0700 ~/.ssh - - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - script: - - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass - - STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci - after_script: - - rm /tmp/vault-pass + - export STAGE=prodnso only: - prodnso - schedules - tags: - - dind - - harbor # 05.02.22 TODO some runners run into timeouts - resource_group: prodnso ######## -### https://patorjk.com/software/taag/#p=display&f=Doom&t=patchday -### _ _ _ -### | | | | | | -### _ __ __ _| |_ ___| |__ __| | __ _ _ _ -### | '_ \ / _` | __/ __| '_ \ / _` |/ _` | | | | -### | |_) | (_| | || (__| | | | (_| | (_| | |_| | -### | .__/ \__,_|\__\___|_| |_|\__,_|\__,_|\__, | -### | | __/ | -### |_| |___/ -### +### https://patorjk.com/software/taag/#p=display&f=Doom&t=management +### _ +### | | +### _ __ ___ __ _ _ __ __ _ __ _ ___ _ __ ___ ___ _ __ | |_ +### | '_ ` _ \ / _` | '_ \ / _` |/ _` |/ _ \ '_ ` _ \ / _ \ '_ \| __| +### | | | | | | (_| | | | | (_| | (_| | __/ | | | | | __/ | | | |_ +### |_| |_| |_|\__,_|_| |_|\__,_|\__, |\___|_| |_| |_|\___|_| |_|\__| +### __/ | +### |___/ -ansible-patchday-dev: +.ansible-management: image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest - stage: ansible-patchday - before_script: + # A resource group ensures a job is mutually exclusive across different pipelines for the same project. 
+ stage: ansible-update-management + script: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - mkdir -p ~/.ssh - chmod 0700 ~/.ssh - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - script: + - ssh-add -L - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - - STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci - after_script: - - rm /tmp/vault-pass - when: manual + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - ansible-playbook -i stage-$STAGE smardigo.yml --vault-password-file=/tmp/vault-pass -l management -t update_configurations -u gitlabci only: - - main + changes: + - smardigo/**/* + except: + - schedules tags: - dind - - harbor # 05.02.22 TODO some runners run into timeouts - resource_group: dev -ansible-patchday-qa: - image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest - stage: ansible-patchday +ansible-management-dev: + extends: .ansible-management + resource_group: deployment before_script: - - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - - eval $(ssh-agent -s) - - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - - mkdir -p ~/.ssh - - chmod 0700 ~/.ssh - - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - script: - - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass - - STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci - after_script: - - rm /tmp/vault-pass - when: manual + - export STAGE=dev only: - - qa + - main - schedules - tags: - - dind - - harbor # 05.02.22 TODO some runners run into timeouts + +ansible-management-qa: + extends: .ansible-management 
resource_group: qa + before_script: + - export STAGE=qa + only: + - qa + - schedules -ansible-patchday-prodnso: - image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest - stage: ansible-patchday +ansible-management-prodnso: + extends: .ansible-management + resource_group: prodnso before_script: - - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - - eval $(ssh-agent -s) - - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - - mkdir -p ~/.ssh - - chmod 0700 ~/.ssh - - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - script: - - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass - - STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci - after_script: - - rm /tmp/vault-pass - when: manual + - export STAGE=prodnso only: - prodnso - schedules - tags: - - dind - - harbor # 05.02.22 TODO some runners run into timeouts - resource_group: prodnso ######## -### https://patorjk.com/software/taag/#p=display&f=Doom&t=management -### _ -### | | -### _ __ ___ __ _ _ __ __ _ __ _ ___ _ __ ___ ___ _ __ | |_ -### | '_ ` _ \ / _` | '_ \ / _` |/ _` |/ _ \ '_ ` _ \ / _ \ '_ \| __| -### | | | | | | (_| | | | | (_| | (_| | __/ | | | | | __/ | | | |_ -### |_| |_| |_|\__,_|_| |_|\__,_|\__, |\___|_| |_| |_|\___|_| |_|\__| -### __/ | -### |___/ +### https://patorjk.com/software/taag/#p=display&f=Doom&t=patchday +### _ _ _ +### | | | | | | +### _ __ __ _| |_ ___| |__ __| | __ _ _ _ +### | '_ \ / _` | __/ __| '_ \ / _` |/ _` | | | | +### | |_) | (_| | || (__| | | | (_| | (_| | |_| | +### | .__/ \__,_|\__\___|_| |_|\__,_|\__,_|\__, | +### | | __/ | +### |_| |___/ +### -.ansible-management: +.ansible-patchday: image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest - # A resource group ensures a job is mutually exclusive across different pipelines for the same project. 
- stage: ansible-management + stage: ansible-patchday script: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) @@ -325,26 +256,27 @@ ansible-patchday-prodnso: - ssh-add -L - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - - ansible-playbook -i stage-$STAGE smardigo.yml --vault-password-file=/tmp/vault-pass -l management -t update_configurations -u gitlabci + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci + after_script: + - rm /tmp/vault-pass + when: manual only: - changes: - - smardigo/**/* - except: - - schedules + - main tags: - dind + - harbor # 05.02.22 TODO some runners run into timeouts -ansible-management-dev: - extends: .ansible-management - resource_group: deployment +ansible-patchday-dev: + extends: .ansible-patchday + resource_group: dev before_script: - export STAGE=dev only: - main - schedules -ansible-management-qa: - extends: .ansible-management +ansible-patchday-qa: + extends: .ansible-patchday resource_group: qa before_script: - export STAGE=qa @@ -352,8 +284,8 @@ ansible-management-qa: - qa - schedules -ansible-management-prodnso: - extends: .ansible-management +ansible-patchday-prodnso: + extends: .ansible-patchday resource_group: prodnso before_script: - export STAGE=prodnso
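Review bot: `.ansible-management` in the `@@ -158,163 +134,118 @@` hunk writes the vault password to `/tmp/vault-pass` but, unlike the other templates, has no `after_script` that removes it, so the secret stays on disk for as long as the job's filesystem lives (on a reused runner that may outlast the job). Add `after_script:` with `- rm -f /tmp/vault-pass`, and consider a `umask 077` line before the `echo` so the file is not created with default permissions. Separately, `ansible-run-kubernetes-dev` and `ansible-management-dev` use `resource_group: deployment` while `.ansible-run-kubernetes` still carries `resource_group: dev` and `ansible-patchday-dev` uses `dev`; if the intent is one lock per stage, these values should agree, otherwise dev jobs from different stages can run concurrently against the same hosts.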
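Review bot: The new playbook line in the `@@ -325,26 +256,27 @@` hunk passes `patchday.yml` twice, so `ansible-playbook` would run the patch play two times in a row on every targeted host. It should read `- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci`. The template's `only: - main` is also replaced by the `only:` list each child defines, so it has no effect on the dev, qa or prodnso jobs and is misleading to keep. The `.ansible-patchday` template starts in the previous hunk.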