--- variables: AWX_EE_DOCKER_IMAGE_EXTERN: "dev-harbor-01.smardigo.digital/awx/awx-custom-ee" ANSIBLE_HOST_KEY_CHECKING: 'false' ANSIBLE_FORCE_COLOR: 'true' image: docker.dev-at.de/smardigo/smardigo-ci-ansible services: - name: docker-cache.dev-at.de/docker:19-dind alias: docker stages: - lint - ansible-builder - run-setup - run-setup-digitalocean - run-kubernetes - run-management-update - run-patchday - run-hcloud-firewall lint-job: stage: lint script: - echo "Running lint to check for linting violations" - ansible-lint -c ansible-lint.cfg only: - branches except: - schedules tags: - dind builder-job: # A resource group ensures a job is mutually exclusive across different pipelines for the same project. resource_group: dev stage: ansible-builder script: - cp $SSH_KEY_GITLAB_CI_BUILDER_FILE ansible-builder/context/id_ed25519 - echo "Running docker build to build awx execution environment" - docker build -f ansible-builder/context/Dockerfile -t $AWX_EE_DOCKER_IMAGE_EXTERN:latest . - docker push $AWX_EE_DOCKER_IMAGE_EXTERN:latest only: refs: - main changes: - pip-requirements - galaxy-requirements.yml - ansible-builder/**/* except: - schedules tags: - dind - harbor # 05.02.22 TODO some runners run into timeouts ################################################################################## .run-ansible: image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest tags: - dind - harbor # 05.02.22 TODO some runners run into timeouts ######## ### http://patorjk.com/software/taag/#p=display&f=Doom&t=setup.yml ### ### _ _ ### | | | | ### ___ ___| |_ _ _ _ __ _ _ _ __ ___ | | ### / __|/ _ \ __| | | | '_ \| | | | '_ ` _ \| | ### \__ \ __/ |_| |_| | |_) | |_| | | | | | | | ### |___/\___|\__|\__,_| .__(_)__, |_| |_| |_|_| ### | | __/ | ### |_| |___/ .run-setup: extends: .run-ansible stage: run-setup script: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - mkdir -p ~/.ssh - chmod 0700 ~/.ssh - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - ssh-add -L - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci after_script: - rm /tmp/vault-pass except: - schedules run-setup-dev: extends: .run-setup resource_group: dev before_script: - export STAGE=dev - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass only: - main run-setup-devscr: extends: .run-setup resource_group: devscr before_script: - export STAGE=devscr - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass only: - main run-setup-qa: extends: .run-setup resource_group: qa before_script: - export STAGE=qa - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass only: - qa run-setup-prodnso: extends: .run-setup resource_group: prodnso before_script: - export STAGE=prodnso - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass only: - prodnso run-setup-prodwork01: extends: .run-setup resource_group: prodwork01 before_script: - export STAGE=prodwork01 - echo "${ANSIBLE_VAULT_PASS_PRODWORK01}" > /tmp/vault-pass only: - prodnso ######## ### This Page: http://patorjk.com/software/taag/#p=display&f=Doom&t=kubernetes.yml ### ### _ _ _ _ ### | | | | | | | | ### | | ___ _| |__ ___ _ __ _ __ ___| |_ ___ ___ _ _ _ __ ___ | | ### | |/ / | | | '_ \ / _ \ '__| '_ \ / _ \ __/ _ \/ __|| | | | '_ ` _ \| | ### | <| |_| | |_) | __/ | | | | | __/ || __/\__ \| |_| | | | | | | | ### |_|\_\\__,_|_.__/ \___|_| |_| |_|\___|\__\___||___(_)__, |_| |_| |_|_| ### __/ | ### |___/ .run-kubernetes: extends: .run-ansible stage: run-kubernetes script: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - mkdir -p ~/.ssh - chmod 0700 ~/.ssh - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - ssh-add -L - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci after_script: - rm /tmp/vault-pass except: - schedules run-kubernetes-dev: extends: .run-kubernetes resource_group: dev before_script: - export STAGE=dev - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass only: - main run-kubernetes-qa: extends: .run-kubernetes resource_group: qa before_script: - export STAGE=qa - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass only: - qa run-kubernetes-prodnso: extends: .run-kubernetes resource_group: prodnso before_script: - export STAGE=prodnso - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass only: - prodnso ######## ### http://patorjk.com/software/taag/#p=display&f=Doom&t=smardigo.yml ### ### _ _ _ ### | (_) | | ### ___ _ __ ___ __ _ _ __ __| |_ __ _ ___ _ _ _ __ ___ | | ### / __| '_ ` _ \ / _` | '__/ _` | |/ _` |/ _ \| | | | '_ ` _ \| | ### \__ \ | | | | | (_| | | | (_| | | (_| | (_) | |_| | | | | | | | ### |___/_| |_| |_|\__,_|_| \__,_|_|\__, |\___(_)__, |_| |_| |_|_| ### __/ | __/ | ### |___/ |___/ .run-management-update: extends: .run-ansible stage: run-management-update script: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - mkdir -p ~/.ssh - chmod 0700 ~/.ssh - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - ssh-add -L - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - ansible-playbook -i stage-$STAGE smardigo.yml --vault-password-file=/tmp/vault-pass -l management -t update_configurations -u gitlabci after_script: - rm /tmp/vault-pass only: changes: - smardigo/**/* except: - schedules run-management-update-dev: extends: .run-management-update resource_group: dev before_script: - export STAGE=dev - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass only: - main run-management-update-qa: extends: .run-management-update resource_group: qa before_script: - export STAGE=qa - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass only: - qa run-management-update-prodnso: extends: .run-management-update resource_group: prodnso before_script: - export STAGE=prodnso - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass only: - prodnso ######## ### http://patorjk.com/software/taag/#p=display&f=Doom&t=patchday.yml ### ### _ _ _ _ ### | | | | | | | | ### _ __ __ _| |_ ___| |__ __| | __ _ _ _ _ _ _ __ ___ | | ### | '_ \ / _` | __/ __| '_ \ / _` |/ _` | | | || | | | '_ ` _ \| | ### | |_) | (_| | || (__| | | | (_| | (_| | |_| || |_| | | | | | | | ### | .__/ \__,_|\__\___|_| |_|\__,_|\__,_|\__, (_)__, |_| |_| |_|_| ### | | __/ | __/ | ### |_| |___/ |___/ .run-patchday: extends: .run-ansible stage: run-patchday script: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - mkdir -p ~/.ssh - chmod 0700 ~/.ssh - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - ssh-add -L - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci after_script: - rm /tmp/vault-pass timeout: 2h run-patchday-dev: extends: .run-patchday resource_group: dev before_script: - export STAGE=dev - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" run-patchday-devscr: extends: .run-patchday resource_group: devscr before_script: - export STAGE=devscr - echo "${ANSIBLE_VAULT_PASS_DEVSCR}" > /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" run-patchday-qa: extends: .run-patchday resource_group: qa before_script: - export STAGE=qa - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa" run-patchday-prodnso: extends: .run-patchday resource_group: prodnso before_script: - export STAGE=prodnso - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" run-patchday-prodwork01: extends: .run-patchday resource_group: prodwork01 before_script: - export STAGE=prodwork01 - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" ######## ### http://patorjk.com/software/taag/#p=display&f=Doom&t=patchday.yml ### ### _ _ _ __ _ _ _ _ ### | | | | | | / _(_) | | | | | ### | |__ ___| | ___ _ _ __| | | |_ _ _ __ _____ ____ _| | | _ _ _ __ ___ | | ### | '_ \ / __| |/ _ \| | | |/ _` | | _| | '__/ _ \ \ /\ / / _` | | || | | | '_ ` _ \| | ### | | | | (__| | (_) | |_| | (_| | | | | | | | __/\ V V / (_| | | || |_| | | | | | | | ### |_| |_|\___|_|\___/ \__,_|\__,_| |_| |_|_| \___| \_/\_/ \__,_|_|_(_)__, |_| |_| |_|_| ### ______ __/ | ### |______| |___/ ### .run-hcloud-firewall: extends: .run-ansible stage: run-hcloud-firewall script: - ansible-playbook -e "stage=${STAGE}" hcloud_firewall.yml --vault-password-file /tmp/vault-pass after_script: - rm /tmp/vault-pass except: - schedules run-hcloud-firewall-dev: extends: .run-hcloud-firewall resource_group: dev before_script: - export STAGE=dev - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass only: - main run-hcloud-firewall-devscr: extends: .run-hcloud-firewall resource_group: devscr before_script: - export STAGE=devscr - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass only: - main run-hcloud-firewall-qa: extends: .run-hcloud-firewall resource_group: qa before_script: - export STAGE=qa - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass only: - qa run-hcloud-firewall-prodnso: extends: .run-hcloud-firewall resource_group: prodnso before_script: - export STAGE=prodnso - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass only: - prodnso run-hcloud-firewall-prodwork01: extends: .run-hcloud-firewall resource_group: prodwork01 before_script: - export STAGE=prodwork01 - echo "${ANSIBLE_VAULT_PASS_PRODWORK01}" > /tmp/vault-pass only: - prodnso ######## ### http://patorjk.com/software/taag/#p=display&f=Doom&t=Digitialocean ### ### ______ _ _ _ _ _ ### | _ (_) (_) | (_) | | ### | | | |_ __ _ _| |_ _ __ _| | ___ ___ ___ __ _ _ __ ### | | | | |/ _` | | __| |/ _` | |/ _ \ / __/ _ \/ _` | '_ \ ### | |/ /| | (_| | | |_| | (_| | | (_) | (_| __/ (_| | | | | ### |___/ |_|\__, |_|\__|_|\__,_|_|\___/ \___\___|\__,_|_| |_| ### __/ | ### |___/ run-setup-digitalocean: extends: .run-ansible stage: run-setup before_script: - export STAGE=dev - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass script: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - mkdir -p ~/.ssh - chmod 0700 ~/.ssh - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - ssh-add -L - ansible-playbook -i stage-digitalocean setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci - ansible-playbook -i stage-digitalocean external_monitoring.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci after_script: - rm /tmp/vault-pass only: - main except: - schedules run-patchday-dev-digitalocean: extends: .run-ansible stage: run-patchday before_script: - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass script: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - mkdir -p ~/.ssh - chmod 0700 ~/.ssh - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - ssh-add -L - ansible-playbook -i stage-digitalocean patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci after_script: - rm /tmp/vault-pass timeout: 2h rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"