gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

chore: dry pattern

Browse Source
feature/DEV-380
Sven Ketelsen 4 years ago
parent 9f75b8969a
commit fc36445952
1 changed files with 98 additions and 166 deletions
Show Stats Download Patch File Download Diff File

262
.gitlab-ci.yml
Unescape Escape View File

@ -15,8 +15,8 @@ stages:
- ansible-builder - ansible-builder
- ansible-run-setup - ansible-run-setup
- ansible-run-kubernetes - ansible-run-kubernetes
- ansible-update-management
- ansible-patchday - ansible-patchday
- ansible-management
ansible-lint-job: ansible-lint-job:
stage: ansible-lint stage: ansible-lint
@ -65,10 +65,10 @@ ansible-builder-job:
### | | __/ | ### | | __/ |
### |_| |___/ ### |_| |___/
ansible-run-setup-dev: .ansible-run-setup:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
stage: ansible-run-setup stage: ansible-run-setup
before_script: script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s) - eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
@ -76,64 +76,40 @@ ansible-run-setup-dev:
- chmod 0700 ~/.ssh - chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L - ssh-add -L
script:
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
- STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --tags common --vault-password-file /tmp/vault-pass -u gitlabci - STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci
after_script: after_script:
- rm /tmp/vault-pass - rm /tmp/vault-pass
only:
- main
- schedules
tags: tags:
- dind - dind
- harbor # 05.02.22 TODO some runners run into timeouts - harbor # 05.02.22 TODO some runners run into timeouts
ansible-run-kubernetes-dev:
extends: .ansible-run-setup
resource_group: dev resource_group: dev
before_script:
- export STAGE=dev
only:
- main
- schedules
ansible-run-setup-qa: ansible-run-kubernetes-qa:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .ansible-run-setup
stage: ansible-run-setup resource_group: qa
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=qa
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
- STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --tags common --vault-password-file /tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
only: only:
- qa - qa
- schedules - schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: qa
ansible-run-setup-prodnso: ansible-run-kubernetes-prodnso:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .ansible-run-setup
stage: ansible-run-setup resource_group: prodnso
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=prodnso
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --tags common --vault-password-file /tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
only: only:
- prodnso - prodnso
- schedules - schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: prodnso
######## ########
### https://patorjk.com/software/taag/#p=display&f=Doom&t=ansible%20-%20run ### https://patorjk.com/software/taag/#p=display&f=Doom&t=ansible%20-%20run
@ -147,7 +123,7 @@ ansible-run-setup-prodnso:
### __/ | ### __/ |
### |___/ ### |___/
ansible-run-kubernetes-dev: .ansible-run-kubernetes:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
stage: ansible-run-kubernetes stage: ansible-run-kubernetes
before_script: before_script:
@ -158,147 +134,41 @@ ansible-run-kubernetes-dev:
- chmod 0700 ~/.ssh - chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L - ssh-add -L
script:
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
- STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci - STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci
after_script: after_script:
- rm /tmp/vault-pass - rm /tmp/vault-pass
only:
- main
- schedules
tags: tags:
- dind - dind
- harbor # 05.02.22 TODO some runners run into timeouts - harbor # 05.02.22 TODO some runners run into timeouts
resource_group: dev resource_group: dev
ansible-run-kubernetes-qa: ansible-run-kubernetes-dev:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .ansible-run-kubernetes
stage: ansible-run-kubernetes resource_group: deployment
before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
- STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
only:
- qa
- schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: qa
ansible-run-kubernetes-prodnso:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
stage: ansible-run-kubernetes
before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
only:
- prodnso
- schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: prodnso
########
### https://patorjk.com/software/taag/#p=display&f=Doom&t=patchday
### _ _ _
### | | | | | |
### _ __ __ _| |_ ___| |__ __| | __ _ _ _
### | '_ \ / _` | __/ __| '_ \ / _` |/ _` | | | |
### | |_) | (_| | || (__| | | | (_| | (_| | |_| |
### | .__/ \__,_|\__\___|_| |_|\__,_|\__,_|\__, |
### | | __/ |
### |_| |___/
###
ansible-patchday-dev:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
stage: ansible-patchday
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=dev
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
- STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
when: manual
only: only:
- main - main
tags: - schedules
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: dev
ansible-patchday-qa: ansible-run-kubernetes-qa:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .ansible-run-kubernetes
stage: ansible-patchday resource_group: qa
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=qa
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
- STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
when: manual
only: only:
- qa - qa
- schedules - schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: qa
ansible-patchday-prodnso: ansible-run-kubernetes-prodnso:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .ansible-run-kubernetes
stage: ansible-patchday resource_group: prodnso
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=prodnso
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
when: manual
only: only:
- prodnso - prodnso
- schedules - schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: prodnso
######## ########
### https://patorjk.com/software/taag/#p=display&f=Doom&t=management ### https://patorjk.com/software/taag/#p=display&f=Doom&t=management
@ -314,7 +184,7 @@ ansible-patchday-prodnso:
.ansible-management: .ansible-management:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
# A resource group ensures a job is mutually exclusive across different pipelines for the same project. # A resource group ensures a job is mutually exclusive across different pipelines for the same project.
stage: ansible-management stage: ansible-update-management
script: script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s) - eval $(ssh-agent -s)
@ -360,3 +230,65 @@ ansible-management-prodnso:
only: only:
- prodnso - prodnso
- schedules - schedules
########
### https://patorjk.com/software/taag/#p=display&f=Doom&t=patchday
### _ _ _
### | | | | | |
### _ __ __ _| |_ ___| |__ __| | __ _ _ _
### | '_ \ / _` | __/ __| '_ \ / _` |/ _` | | | |
### | |_) | (_| | || (__| | | | (_| | (_| | |_| |
### | .__/ \__,_|\__\___|_| |_|\__,_|\__,_|\__, |
### | | __/ |
### |_| |___/
###
.ansible-patchday:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
stage: ansible-patchday
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
when: manual
only:
- main
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
ansible-patchday-dev:
extends: .ansible-patchday
resource_group: dev
before_script:
- export STAGE=dev
only:
- main
- schedules
ansible-patchday-qa:
extends: .ansible-patchday
resource_group: qa
before_script:
- export STAGE=qa
only:
- qa
- schedules
ansible-patchday-prodnso:
extends: .ansible-patchday
resource_group: prodnso
before_script:
- export STAGE=prodnso
only:
- prodnso
- schedules

Write Preview
Loading…
Cancel
Save