chore: dry pattern

feature/DEV-380
Sven Ketelsen 4 years ago
parent 9f75b8969a
commit fc36445952

@ -15,8 +15,8 @@ stages:
- ansible-builder - ansible-builder
- ansible-run-setup - ansible-run-setup
- ansible-run-kubernetes - ansible-run-kubernetes
- ansible-update-management
- ansible-patchday - ansible-patchday
- ansible-management
ansible-lint-job: ansible-lint-job:
stage: ansible-lint stage: ansible-lint
@ -65,10 +65,10 @@ ansible-builder-job:
### | | __/ | ### | | __/ |
### |_| |___/ ### |_| |___/
ansible-run-setup-dev: .ansible-run-setup:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
stage: ansible-run-setup stage: ansible-run-setup
before_script: script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s) - eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
@ -76,64 +76,40 @@ ansible-run-setup-dev:
- chmod 0700 ~/.ssh - chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L - ssh-add -L
script:
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
- STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --tags common --vault-password-file /tmp/vault-pass -u gitlabci - STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci
after_script: after_script:
- rm /tmp/vault-pass - rm /tmp/vault-pass
only:
- main
- schedules
tags: tags:
- dind - dind
- harbor # 05.02.22 TODO some runners run into timeouts - harbor # 05.02.22 TODO some runners run into timeouts
ansible-run-kubernetes-dev:
extends: .ansible-run-setup
resource_group: dev resource_group: dev
before_script:
- export STAGE=dev
only:
- main
- schedules
ansible-run-setup-qa: ansible-run-kubernetes-qa:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .ansible-run-setup
stage: ansible-run-setup resource_group: qa
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=qa
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
- STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --tags common --vault-password-file /tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
only: only:
- qa - qa
- schedules - schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: qa
ansible-run-setup-prodnso: ansible-run-kubernetes-prodnso:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .ansible-run-setup
stage: ansible-run-setup resource_group: prodnso
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=prodnso
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --tags common --vault-password-file /tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
only: only:
- prodnso - prodnso
- schedules - schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: prodnso
######## ########
### https://patorjk.com/software/taag/#p=display&f=Doom&t=ansible%20-%20run ### https://patorjk.com/software/taag/#p=display&f=Doom&t=ansible%20-%20run
@ -147,7 +123,7 @@ ansible-run-setup-prodnso:
### __/ | ### __/ |
### |___/ ### |___/
ansible-run-kubernetes-dev: .ansible-run-kubernetes:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
stage: ansible-run-kubernetes stage: ansible-run-kubernetes
before_script: before_script:
@ -158,163 +134,118 @@ ansible-run-kubernetes-dev:
- chmod 0700 ~/.ssh - chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L - ssh-add -L
script:
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
- STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci - STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci
after_script: after_script:
- rm /tmp/vault-pass - rm /tmp/vault-pass
only:
- main
- schedules
tags: tags:
- dind - dind
- harbor # 05.02.22 TODO some runners run into timeouts - harbor # 05.02.22 TODO some runners run into timeouts
resource_group: dev resource_group: dev
ansible-run-kubernetes-dev:
extends: .ansible-run-kubernetes
resource_group: deployment
before_script:
- export STAGE=dev
only:
- main
- schedules
ansible-run-kubernetes-qa: ansible-run-kubernetes-qa:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .ansible-run-kubernetes
stage: ansible-run-kubernetes resource_group: qa
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=qa
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
- STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
only: only:
- qa - qa
- schedules - schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: qa
ansible-run-kubernetes-prodnso: ansible-run-kubernetes-prodnso:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .ansible-run-kubernetes
stage: ansible-run-kubernetes resource_group: prodnso
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=prodnso
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
only: only:
- prodnso - prodnso
- schedules - schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: prodnso
######## ########
### https://patorjk.com/software/taag/#p=display&f=Doom&t=patchday ### https://patorjk.com/software/taag/#p=display&f=Doom&t=management
### _ _ _ ### _
### | | | | | | ### | |
### _ __ __ _| |_ ___| |__ __| | __ _ _ _ ### _ __ ___ __ _ _ __ __ _ __ _ ___ _ __ ___ ___ _ __ | |_
### | '_ \ / _` | __/ __| '_ \ / _` |/ _` | | | | ### | '_ ` _ \ / _` | '_ \ / _` |/ _` |/ _ \ '_ ` _ \ / _ \ '_ \| __|
### | |_) | (_| | || (__| | | | (_| | (_| | |_| | ### | | | | | | (_| | | | | (_| | (_| | __/ | | | | | __/ | | | |_
### | .__/ \__,_|\__\___|_| |_|\__,_|\__,_|\__, | ### |_| |_| |_|\__,_|_| |_|\__,_|\__, |\___|_| |_| |_|\___|_| |_|\__|
### | | __/ | ### __/ |
### |_| |___/ ### |___/
###
ansible-patchday-dev: .ansible-management:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
stage: ansible-patchday # A resource group ensures a job is mutually exclusive across different pipelines for the same project.
before_script: stage: ansible-update-management
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s) - eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh - mkdir -p ~/.ssh
- chmod 0700 ~/.ssh - chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script: - ssh-add -L
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
- STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
after_script: - ansible-playbook -i stage-$STAGE smardigo.yml --vault-password-file=/tmp/vault-pass -l management -t update_configurations -u gitlabci
- rm /tmp/vault-pass
when: manual
only: only:
- main changes:
- smardigo/**/*
except:
- schedules
tags: tags:
- dind - dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: dev
ansible-patchday-qa: ansible-management-dev:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .ansible-management
stage: ansible-patchday resource_group: deployment
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=dev
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
- STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
when: manual
only: only:
- qa - main
- schedules - schedules
tags:
- dind ansible-management-qa:
- harbor # 05.02.22 TODO some runners run into timeouts extends: .ansible-management
resource_group: qa resource_group: qa
before_script:
- export STAGE=qa
only:
- qa
- schedules
ansible-patchday-prodnso: ansible-management-prodnso:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .ansible-management
stage: ansible-patchday resource_group: prodnso
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=prodnso
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
when: manual
only: only:
- prodnso - prodnso
- schedules - schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: prodnso
######## ########
### https://patorjk.com/software/taag/#p=display&f=Doom&t=management ### https://patorjk.com/software/taag/#p=display&f=Doom&t=patchday
### _ ### _ _ _
### | | ### | | | | | |
### _ __ ___ __ _ _ __ __ _ __ _ ___ _ __ ___ ___ _ __ | |_ ### _ __ __ _| |_ ___| |__ __| | __ _ _ _
### | '_ ` _ \ / _` | '_ \ / _` |/ _` |/ _ \ '_ ` _ \ / _ \ '_ \| __| ### | '_ \ / _` | __/ __| '_ \ / _` |/ _` | | | |
### | | | | | | (_| | | | | (_| | (_| | __/ | | | | | __/ | | | |_ ### | |_) | (_| | || (__| | | | (_| | (_| | |_| |
### |_| |_| |_|\__,_|_| |_|\__,_|\__, |\___|_| |_| |_|\___|_| |_|\__| ### | .__/ \__,_|\__\___|_| |_|\__,_|\__,_|\__, |
### __/ | ### | | __/ |
### |___/ ### |_| |___/
###
.ansible-management: .ansible-patchday:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
# A resource group ensures a job is mutually exclusive across different pipelines for the same project. stage: ansible-patchday
stage: ansible-management
script: script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s) - eval $(ssh-agent -s)
@ -325,26 +256,27 @@ ansible-patchday-prodnso:
- ssh-add -L - ssh-add -L
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- ansible-playbook -i stage-$STAGE smardigo.yml --vault-password-file=/tmp/vault-pass -l management -t update_configurations -u gitlabci - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
when: manual
only: only:
changes: - main
- smardigo/**/*
except:
- schedules
tags: tags:
- dind - dind
- harbor # 05.02.22 TODO some runners run into timeouts
ansible-management-dev: ansible-patchday-dev:
extends: .ansible-management extends: .ansible-patchday
resource_group: deployment resource_group: dev
before_script: before_script:
- export STAGE=dev - export STAGE=dev
only: only:
- main - main
- schedules - schedules
ansible-management-qa: ansible-patchday-qa:
extends: .ansible-management extends: .ansible-patchday
resource_group: qa resource_group: qa
before_script: before_script:
- export STAGE=qa - export STAGE=qa
@ -352,8 +284,8 @@ ansible-management-qa:
- qa - qa
- schedules - schedules
ansible-management-prodnso: ansible-patchday-prodnso:
extends: .ansible-management extends: .ansible-patchday
resource_group: prodnso resource_group: prodnso
before_script: before_script:
- export STAGE=prodnso - export STAGE=prodnso
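Review bot: The shared templates still hard-code the dev values: as rendered, every job extending `.ansible-run-setup`, `.ansible-run-kubernetes`, `.ansible-management` or `.ansible-patchday` writes `${ANSIBLE_VAULT_PASS_DEV}` to `/tmp/vault-pass`, and in the first two templates the leading `STAGE=dev &&` on the playbook line overrides the `export STAGE=qa`/`prodnso` set in each job's `before_script`. Before the refactor each environment used its own `ANSIBLE_VAULT_PASS_QA` / `ANSIBLE_VAULT_PASS_PRODNSO` and inventory, so I would drop `STAGE=dev &&`, use `- echo "${ANSIBLE_VAULT_PASS}" > /tmp/vault-pass` in the templates, and have each job add `- export ANSIBLE_VAULT_PASS="${ANSIBLE_VAULT_PASS_QA}"` (or the matching variable) next to its `export STAGE=…`. The three jobs extending `.ansible-run-setup` also appear to be named `ansible-run-kubernetes-dev`/`-qa`/`-prodnso`, the same keys as the jobs extending `.ansible-run-kubernetes` further down, so the later definitions would replace them and the setup stage would be left without jobs; they presumably should keep the `ansible-run-setup-*` names. Separately, `.ansible-management` has no visible `after_script` removing `/tmp/vault-pass`, unlike the other templates, and the `.ansible-patchday` command passes `patchday.yml` twice.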
