Rework GitLab pipelines
parent
d27554bffb
commit
28b34833ab
@ -4,7 +4,9 @@ variables:
|
||||
stages:
|
||||
- lint
|
||||
- test
|
||||
- play
|
||||
- play-pre
|
||||
- play-main
|
||||
- play-post
|
||||
before_script:
|
||||
# Dump our key
|
||||
- eval $(ssh-agent -s)
|
||||
@ -58,23 +60,33 @@ Test:
|
||||
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
||||
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
||||
|
||||
Play_Against_Remote:
|
||||
stage: play
|
||||
# PRE-MAIN CONFIGURATION
|
||||
Local:
|
||||
stage: play-pre
|
||||
script:
|
||||
- ansible-playbook --skip-tags no-auto -l '!tags_home' site.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw || error="$?"
|
||||
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
||||
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
||||
Play_Against_Home:
|
||||
stage: play
|
||||
- ansible-playbook --skip-tags no-auto playbooks/site_local.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
|
||||
Pre:
|
||||
stage: play-pre
|
||||
script:
|
||||
- ansible-playbook --skip-tags no-auto playbooks/site_pre.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
|
||||
|
||||
# MAIN CONFIGURATION
|
||||
Main:
|
||||
stage: play-main
|
||||
script:
|
||||
- ansible-playbook --skip-tags no-auto playbooks/site_main.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
|
||||
Common:
|
||||
stage: play-main
|
||||
script:
|
||||
- ansible-playbook --skip-tags no-auto playbooks/site_common.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
|
||||
Nagios:
|
||||
stage: play-main
|
||||
retry: 1
|
||||
script:
|
||||
- ansible-playbook --skip-tags no-auto -l tags_home site.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw || error="$?"
|
||||
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
||||
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
||||
Play_Nagios:
|
||||
stage: play
|
||||
retry: 1
|
||||
- ansible-playbook -l web3.dallas.mgmt.desu.ltd playbooks/prod_web.yml --tags nagios --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
|
||||
|
||||
# CLEANUP
|
||||
Cleanup:
|
||||
stage: play-post
|
||||
script:
|
||||
- ansible-playbook -l web3.dallas.mgmt.desu.ltd playbooks/prod_web.yml --tags nagios --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw || error="$?"
|
||||
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
||||
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
||||
- ansible-playbook --skip-tags no-auto playbooks/site_post.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
|
||||
|
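Review bot: `Main`, `Common` and `Nagios` all declare `stage: play-main`, and GitLab starts the jobs of one stage concurrently when the runner has capacity, so the `prod_web.yml --tags nagios` run against web3.dallas.mgmt.desu.ltd can overlap the full `prod_web.yml` run that `site_main.yml` imports. Either move Nagios to a later stage or serialise the play jobs, e.g. `resource_group: ansible-play` on each of them. Separately, every play job reads `/vaultpw` and uses the agent key loaded in `before_script`; no `rules:`/`only:` restriction is visible in these hunks, so if none exists elsewhere in the file the play jobs should be limited to the protected default branch. The rendered page has lost the `+`/`-` column, so which command line belongs to which new job is inferred from the stage names.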
12
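--- a/playbooks/home_bastion.yml
+++ b/playbooks/home_bastion.yml
@@ -0,0 +1,12 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- hosts: vm-bastion-1.home.mgmt.desu.ltd
+gather_facts: no
+tasks:
+- name: assure nfs mount directory
+file: path=/nfs/projects state=directory mode=0755
+tags: [ storage ]
+- name: assure nfs mount
+mount: path=/nfs/projects src=192.168.190.1:/nfs/projects fstype=nfs4 opts="rsize=10248576,wsize=1048576,soft,timeo=600,retrans=2,_netdev" state=mounted
+tags: [ storage ]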
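Review bot: The mount options in `assure nfs mount` read `rsize=10248576` next to `wsize=1048576`; the extra digit looks like a typo for `rsize=1048576`, though that is inferred from the matching `wsize`. The share is also mounted on a bastion host without `nosuid,nodev`, so a setuid binary or device node placed on the export would be honoured on the jump host; I would use `opts="rsize=1048576,wsize=1048576,soft,timeo=600,retrans=2,_netdev,nosuid,nodev"`. `soft` with `retrans=2` hands I/O errors back to applications when the server is slow, which deserves a one-line comment if it is deliberate.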
@ -21,6 +21,7 @@
|
||||
35326337636464376566393764663261346339633035613732633134656233393130646161326361
|
||||
6231653638613061373734373539313933343739346537373961
|
||||
zone: desu.ltd
|
||||
overwrite: yes
|
||||
tasks:
|
||||
- name: configure dns
|
||||
block:
|
6
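--- a/playbooks/site_common.yml
+++ b/playbooks/site_common.yml
@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+# Supplementary tags
+- import_playbook: tags_ansible.yml
+- import_playbook: tags_ansible-pull.yml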
4
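--- a/playbooks/site_local.yml
+++ b/playbooks/site_local.yml
@@ -0,0 +1,4 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- import_playbook: local_dns.yml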
18
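--- a/playbooks/site_main.yml
+++ b/playbooks/site_main.yml
@@ -0,0 +1,18 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+# Main playbooks for machines across my environments
+# Does not include supplementary management configuration
+# Home configuration
+- import_playbook: home_db.yml
+- import_playbook: home_fs.yml
+- import_playbook: home_app.yml
+- import_playbook: home_game.yml
+- import_playbook: home_media.yml
+- import_playbook: home_automation.yml
+- import_playbook: home_bastion.yml
+# Production configuration
+- import_playbook: prod_db.yml
+- import_playbook: prod_web.yml
+- import_playbook: prod_com.yml
+- import_playbook: prod_game.yml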
8
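--- a/playbooks/site_post.yml
+++ b/playbooks/site_post.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+# Housekeeping tags for one-off tasks
+- import_playbook: tags_docker-prune.yml
+- import_playbook: tags_autoreboot.yml
+# Last little bit of cleanup
+- import_playbook: cleanup.yml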
24
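--- a/playbooks/site_pre.yml
+++ b/playbooks/site_pre.yml
@@ -0,0 +1,24 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+# Preambulatory system configuration
+# It's implicit that configuration here MUST preceed site_main.yml
+- import_playbook: all.yml
+- import_playbook: all_scanner.yml
+# Platform configuration
+- import_playbook: platforms_ubuntu-20-04.yml
+- import_playbook: platforms_ubuntu-21-10.yml
+- import_playbook: platforms_proxmox-ve-7.yml
+# Manufacturer configuration
+- import_playbook: manufacturers_raspi.yml
+- import_playbook: manufacturers_s76.yml
+# Zerotier network configuration
+- import_playbook: tags_zt-personal.yml
+- import_playbook: tags_zt-management.yml
+# Tags for fundamental services
+- import_playbook: tags_snmp.yml
+- import_playbook: tags_nagios.yml
+# Role (in the Netbox sense) configuration
+- import_playbook: device_roles_bastion.yml
+- import_playbook: device_roles_game.yml
+- import_playbook: device_roles_workstation.yml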
47
site.yml
47
site.yml
@ -1,44 +1,13 @@
|
||||
#!/usr/bin/env ansible-playbook
|
||||
# vim:ft=ansible:
|
||||
---
|
||||
# Configuration that happens local to the Ansible controller
|
||||
- import_playbook: playbooks/site_local.yml
|
||||
# Preambulatory system configuration
|
||||
- import_playbook: playbooks/all.yml
|
||||
- import_playbook: playbooks/all_dns.yml
|
||||
- import_playbook: playbooks/all_scanner.yml
|
||||
# Platform configuration
|
||||
- import_playbook: playbooks/platforms_ubuntu-20-04.yml
|
||||
- import_playbook: playbooks/platforms_ubuntu-21-10.yml
|
||||
- import_playbook: playbooks/platforms_proxmox-ve-7.yml
|
||||
# Manufacturer configuration
|
||||
- import_playbook: playbooks/manufacturers_raspi.yml
|
||||
- import_playbook: playbooks/manufacturers_s76.yml
|
||||
# Zerotier network configuration
|
||||
- import_playbook: playbooks/tags_zt-personal.yml
|
||||
- import_playbook: playbooks/tags_zt-management.yml
|
||||
# Tags for fundamental services
|
||||
- import_playbook: playbooks/tags_snmp.yml
|
||||
- import_playbook: playbooks/tags_nagios.yml
|
||||
# Role (in the Netbox sense) configuration
|
||||
- import_playbook: playbooks/device_roles_bastion.yml
|
||||
- import_playbook: playbooks/device_roles_game.yml
|
||||
- import_playbook: playbooks/device_roles_workstation.yml
|
||||
# Home configuration
|
||||
- import_playbook: playbooks/home_db.yml
|
||||
- import_playbook: playbooks/home_fs.yml
|
||||
- import_playbook: playbooks/home_app.yml
|
||||
- import_playbook: playbooks/home_game.yml
|
||||
- import_playbook: playbooks/home_media.yml
|
||||
- import_playbook: playbooks/home_automation.yml
|
||||
# Production configuration
|
||||
- import_playbook: playbooks/prod_db.yml
|
||||
- import_playbook: playbooks/prod_web.yml
|
||||
- import_playbook: playbooks/prod_com.yml
|
||||
- import_playbook: playbooks/prod_game.yml
|
||||
- import_playbook: playbooks/site_pre.yml
|
||||
# Main environment configuration
|
||||
- import_playbook: playbooks/site_main.yml
|
||||
# Supplementary tags
|
||||
- import_playbook: playbooks/tags_ansible.yml
|
||||
- import_playbook: playbooks/tags_ansible-pull.yml
|
||||
# Housekeeping tags for one-off tasks
|
||||
- import_playbook: playbooks/tags_docker-prune.yml
|
||||
- import_playbook: playbooks/tags_autoreboot.yml
|
||||
# Last little bit of cleanup
|
||||
- import_playbook: playbooks/cleanup.yml
|
||||
- import_playbook: playbooks/site_common.yml
|
||||
# Post-play housekeeping and reboots
|
||||
- import_playbook: playbooks/site_post.yml
|
||||
|