# Container image used by every job in this pipeline.
# NOTE(review): the image is referenced by tag ("bleeding"), not by digest, so
# what runs can change between pipelines. The before_script in this file loads
# the SSH key and the vault password inside this image; consider pinning it by
# digest so a changed image cannot silently receive those secrets.
image: rehashedsalt/ansible-env:bleeding
# Environment exported to every job; both names are Ansible configuration
# environment variables.
variables:
  # Default inventory for every ansible-playbook call below that does not pass
  # its own -i.
  ANSIBLE_INVENTORY: inventories/production-no-auto
  # "free" strategy: each host proceeds through its tasks without waiting for
  # the other hosts in the play.
  ANSIBLE_STRATEGY: free
# Stage order: static lint, check-mode test, then the three play stages that
# run playbooks against the inventory (pre, main, post).
stages:
  - lint
  - test
  - play-pre
  - play-main
  - play-post
# Runs before the script of every job that does not define its own
# before_script: loads the SSH key and vault password, optionally joins the
# ZeroTier network, installs Galaxy requirements and smoke-tests SSH access.
before_script:
  # Dump our key
  # The key comes from the ANSIBLE_SSH_KEY CI variable and is piped straight
  # into the agent on stdin; these lines do not write it to a file.
  - eval $(ssh-agent -s)
  - echo "$ANSIBLE_SSH_KEY" | tr -d '\r' | ssh-add -
  - mkdir -p ~/.ssh
  - chmod -R 0700 ~/.ssh
  # Dump the vault password
  # The file is created and restricted to 0600 before the secret is written,
  # so it is never readable with wider permissions.
  # NOTE(review): nothing in this file removes /vaultpw afterwards; on an
  # executor that keeps its filesystem between jobs the password would persist.
  - touch /vaultpw
  - chmod 0600 /vaultpw
  - echo "$ANSIBLE_VAULT_PASSWORD" > /vaultpw
  # Fix perms on the playbook root
  - chmod -R 0750 .
  # Join the Zerotier management network
  # Only runs when ZEROTIER_NETWORK_ID is set; the sleeps give the service and
  # the join time to settle before the status commands print their output.
  - |
    [ -n "$ZEROTIER_NETWORK_ID" ] && \
    service zerotier-one start && \
    sleep 5 && \
    zerotier-cli join "$ZEROTIER_NETWORK_ID" && \
    sleep 5 && \
    zerotier-cli info && \
    zerotier-cli listnetworks
  # Get ready for execution
  # NOTE(review): roles/collections are downloaded after the SSH key and vault
  # password have been loaded; whether requirements.yml pins versions is not
  # visible here, confirm.
  - ansible-galaxy install -r requirements.yml
  # Run a quick test SSH connection to the bastion box
  # NOTE(review): StrictHostKeyChecking=no turns off host key verification for
  # this connection, so the runner cannot tell the real bastion from a host
  # impersonating it, and ssh records whatever key it was offered in
  # known_hosts. The ProxyCommand hops used by the jobs below do not pass this
  # option, so they presumably rely on the key recorded here, confirm.
  # Safer: provision the bastion's host key into ~/.ssh/known_hosts from a
  # protected CI variable and drop the option.
  - ssh -o StrictHostKeyChecking=no ansible@bastion1.dallas.mgmt.desu.ltd uptime
  # And a quick test SSH connection over proxy
  # Connects to the bastion through the bastion itself to exercise the same
  # ProxyCommand the playbook jobs use; the same host-key caveat applies.
  - ssh -o StrictHostKeyChecking=no -o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd" ansible@bastion1.dallas.mgmt.desu.ltd uptime
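# Runs after every job, in a fresh shell: removes the vault password file and
# leaves the ZeroTier network.
after_script:
  # before_script writes the vault password to /vaultpw and nothing else in
  # this file deletes it; remove it so it cannot outlive the job on an executor
  # that keeps its filesystem. -f keeps this a no-op when the file is absent.
  - rm -f /vaultpw
  # Leave the ZeroTier network only when one was configured for this pipeline.
  - |
    [ -n "$ZEROTIER_NETWORK_ID" ] && \
    zerotier-cli leave "$ZEROTIER_NETWORK_ID"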
# Static lint of the top-level playbook; may be cancelled by a newer pipeline
# (interruptible) and is skipped for pipeline-triggered and scheduled runs.
# NOTE(review): this job defines no before_script of its own, so the top-level
# one applies and the SSH key and vault password are loaded here as well. A
# job-level before_script limited to what linting needs would keep those
# secrets out of a job that does not connect anywhere in its script.
Lint:
  stage: lint
  interruptible: yes
  except:
    - pipelines
    - schedules
  script:
    # Print the linter version first so the job log records which one ran.
    - ansible-lint --version
    - ansible-lint site.yml
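# Check-mode (-C) run of site.yml through the bastion, skipping tasks tagged
# no-test or no-auto. Retried once on failure, interruptible, and skipped for
# pipeline-triggered runs.
Test:
  stage: test
  retry: 1
  interruptible: yes
  except:
    - pipelines
  script:
    # Capture a non-zero exit status instead of failing immediately, so the
    # next two lines can decide whether it counts as a failure.
    - ansible-playbook --skip-tags no-test,no-auto -C site.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw || error="$?"
    # "error" is only set when the playbook failed; default it to 0 so the
    # numeric comparison is well-formed on a successful run instead of making
    # the shell report an invalid integer.
    # NOTE(review): masking status 4 means hosts that were unreachable are not
    # checked by this job at all, and the job still passes.
    - if [ "${error:-0}" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
    # Any other recorded status fails the job.
    - if [ -n "$error" ]; then echo "Return code $error"; false; fi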
# PRE-MAIN CONFIGURATION
# Applies playbooks/site_local.yml (not check mode) in the play-pre stage,
# skipping tasks tagged no-auto and tunnelling SSH through the bastion.
# NOTE(review): no only/except/rules is set, so as written this job runs in
# every pipeline that reaches play-pre, against the inventory named in the
# top-level variables. Presumably protected branches or protected variables
# restrict who can trigger it, confirm.
Local:
  stage: play-pre
  script:
    - ansible-playbook --skip-tags no-auto playbooks/site_local.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
# Applies playbooks/site_pre.yml in the play-pre stage, skipping tasks tagged
# no-auto and tunnelling SSH through the bastion. Shares its stage with the
# Local job, so the two are not ordered relative to each other.
# NOTE(review): no only/except/rules is set on this job, confirm that
# something outside this block limits which pipelines may apply changes.
Pre:
  stage: play-pre
  script:
    - ansible-playbook --skip-tags no-auto playbooks/site_pre.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
# MAIN CONFIGURATION
# Applies playbooks/site_main.yml in the play-main stage, skipping tasks
# tagged no-auto and tunnelling SSH through the bastion.
# NOTE(review): no only/except/rules is set on this job, confirm that
# something outside this block limits which pipelines may apply changes.
Main:
  stage: play-main
  script:
    - ansible-playbook --skip-tags no-auto playbooks/site_main.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
# Applies playbooks/site_common.yml in the play-main stage, skipping tasks
# tagged no-auto and tunnelling SSH through the bastion.
# NOTE(review): no only/except/rules is set on this job, confirm that
# something outside this block limits which pipelines may apply changes.
Common:
  stage: play-main
  script:
    - ansible-playbook --skip-tags no-auto playbooks/site_common.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
# Runs only the tasks tagged "nagios" from playbooks/prod_web.yml, limited
# (-l) to a single host, in the play-main stage; retried once on failure.
# Unlike the other play jobs, this one selects by --tags and does not pass
# --skip-tags no-auto.
# NOTE(review): no only/except/rules is set on this job, confirm that
# something outside this block limits which pipelines may apply changes.
Nagios:
  stage: play-main
  retry: 1
  script:
    - ansible-playbook -l web3.dallas.mgmt.desu.ltd playbooks/prod_web.yml --tags nagios --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
# CLEANUP
# Applies playbooks/site_post.yml in the final play-post stage, skipping tasks
# tagged no-auto and tunnelling SSH through the bastion.
# NOTE(review): no only/except/rules is set on this job, confirm that
# something outside this block limits which pipelines may apply changes.
Cleanup:
  stage: play-post
  script:
    - ansible-playbook --skip-tags no-auto playbooks/site_post.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw