From 28b34833ab43049247f8326ad5b08fac5e8dbbbc Mon Sep 17 00:00:00 2001
From: Salt
Date: Mon, 7 Mar 2022 10:46:02 -0600
Subject: [PATCH] Rework GitLab pipelines
---
 .gitlab-ci.yml | 46 ++++++++++++++---------
 playbooks/home_bastion.yml | 12 ++++++
 playbooks/{all_dns.yml => local_dns.yml} | 1 +
 playbooks/site_common.yml | 6 +++
 playbooks/site_local.yml | 4 ++
 playbooks/site_main.yml | 18 +++++++++
 playbooks/site_post.yml | 8 ++++
 playbooks/site_pre.yml | 24 ++++++++++++
 site.yml | 47 ++++--------------------
 9 files changed, 110 insertions(+), 56 deletions(-)
 create mode 100755 playbooks/home_bastion.yml
 rename playbooks/{all_dns.yml => local_dns.yml} (99%)
 create mode 100755 playbooks/site_common.yml
 create mode 100755 playbooks/site_local.yml
 create mode 100755 playbooks/site_main.yml
 create mode 100755 playbooks/site_post.yml
 create mode 100755 playbooks/site_pre.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c203429..165ac7a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,7 +4,9 @@ variables:
 stages:
 - lint
 - test
- - play
+ - play-pre
+ - play-main
+ - play-post
 before_script:
 # Dump our key
 - eval $(ssh-agent -s)
@@ -58,23 +60,33 @@ Test:
 - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
 - if [ -n "$error" ]; then echo "Return code $error"; false; fi
-Play_Against_Remote:
- stage: play
+# PRE-MAIN CONFIGURATION
+Local:
+ stage: play-pre
 script:
- - ansible-playbook --skip-tags no-auto -l '!tags_home' site.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw || error="$?"
- - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
- - if [ -n "$error" ]; then echo "Return code $error"; false; fi
-Play_Against_Home:
- stage: play
+ - ansible-playbook --skip-tags no-auto playbooks/site_local.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
+Pre:
+ stage: play-pre
+ script:
+ - ansible-playbook --skip-tags no-auto playbooks/site_pre.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
+
+# MAIN CONFIGURATION
+Main:
+ stage: play-main
+ script:
+ - ansible-playbook --skip-tags no-auto playbooks/site_main.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
+Common:
+ stage: play-main
+ script:
+ - ansible-playbook --skip-tags no-auto playbooks/site_common.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
+Nagios:
+ stage: play-main
 retry: 1
 script:
- - ansible-playbook --skip-tags no-auto -l tags_home site.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw || error="$?"
- - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
- - if [ -n "$error" ]; then echo "Return code $error"; false; fi
-Play_Nagios:
- stage: play
- retry: 1
+ - ansible-playbook -l web3.dallas.mgmt.desu.ltd playbooks/prod_web.yml --tags nagios --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
+
+# CLEANUP
+Cleanup:
+ stage: play-post
 script:
- - ansible-playbook -l web3.dallas.mgmt.desu.ltd playbooks/prod_web.yml --tags nagios --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw || error="$?"
- - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
- - if [ -n "$error" ]; then echo "Return code $error"; false; fi
+ - ansible-playbook --skip-tags no-auto playbooks/site_post.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
diff --git a/playbooks/home_bastion.yml b/playbooks/home_bastion.yml
new file mode 100755
index 0000000..bec6c78
--- /dev/null
+++ b/playbooks/home_bastion.yml
@@ -0,0 +1,12 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- hosts: vm-bastion-1.home.mgmt.desu.ltd
+ gather_facts: no
+ tasks:
+ - name: assure nfs mount directory
+ file: path=/nfs/projects state=directory mode=0755
+ tags: [ storage ]
+ - name: assure nfs mount
+ mount: path=/nfs/projects src=192.168.190.1:/nfs/projects fstype=nfs4 opts="rsize=10248576,wsize=1048576,soft,timeo=600,retrans=2,_netdev" state=mounted
+ tags: [ storage ]
diff --git a/playbooks/all_dns.yml b/playbooks/local_dns.yml
similarity index 99%
rename from playbooks/all_dns.yml
rename to playbooks/local_dns.yml
index d11012c..10e7b43 100755
--- a/playbooks/all_dns.yml
+++ b/playbooks/local_dns.yml
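Review bot: In the second `.gitlab-ci.yml` hunk, `Main`, `Common` and `Nagios` all sit in stage `play-main`, and GitLab starts the jobs of one stage in parallel when the runner has capacity, so `Nagios` (`prod_web.yml --tags nagios`, limited to web3) can run against the same host at the same time as `Main`, which imports `prod_web.yml` through `site_main.yml`; `site.yml` runs these playbooks strictly in sequence. If the overlap is not intended, serialise it with `needs: ["Main"]` on `Nagios` (same-stage `needs` requires a reasonably recent GitLab) or a shared `resource_group`. The new jobs also drop the `|| error="$?"` handling that masked return code 4, so a single unreachable host in `Pre` now stops `play-main` and `play-post` for every host; if that is deliberate, a comment above `# PRE-MAIN CONFIGURATION` saying so would help. The `--ssh-common-args`/`--vault-password-file` string repeated in all six jobs could move to the `variables:` block as `ANSIBLE_SSH_COMMON_ARGS` and `ANSIBLE_VAULT_PASSWORD_FILE`, leaving one place to change the bastion.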
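Review bot: In the new `playbooks/home_bastion.yml`, the mount task's `rsize=10248576` looks like a typo for `rsize=1048576` (it differs from `wsize=1048576` by one inserted digit); the client will presumably negotiate it down, but the option no longer says what was meant. Because this share is mounted on a bastion host, consider adding `nosuid,nodev` so files on the export cannot supply setuid binaries or device nodes there: `opts="rsize=1048576,wsize=1048576,soft,timeo=600,retrans=2,_netdev,nosuid,nodev"`. `soft` on a read-write mount can hand I/O errors to writers on timeout, so a one-line comment on why it was chosen over `hard` would be useful.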
@@ -21,6 +21,7 @@
 35326337636464376566393764663261346339633035613732633134656233393130646161326361
 6231653638613061373734373539313933343739346537373961
 zone: desu.ltd
+ overwrite: yes
 tasks:
 - name: configure dns
 block:
diff --git a/playbooks/site_common.yml b/playbooks/site_common.yml
new file mode 100755
index 0000000..d5efdea
--- /dev/null
+++ b/playbooks/site_common.yml
@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+ # Supplementary tags
+- import_playbook: tags_ansible.yml
+- import_playbook: tags_ansible-pull.yml
diff --git a/playbooks/site_local.yml b/playbooks/site_local.yml
new file mode 100755
index 0000000..d608220
--- /dev/null
+++ b/playbooks/site_local.yml
@@ -0,0 +1,4 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- import_playbook: local_dns.yml
diff --git a/playbooks/site_main.yml b/playbooks/site_main.yml
new file mode 100755
index 0000000..565527d
--- /dev/null
+++ b/playbooks/site_main.yml
@@ -0,0 +1,18 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+ # Main playbooks for machines across my environments
+ # Does not include supplementary management configuration
+ # Home configuration
+- import_playbook: home_db.yml
+- import_playbook: home_fs.yml
+- import_playbook: home_app.yml
+- import_playbook: home_game.yml
+- import_playbook: home_media.yml
+- import_playbook: home_automation.yml
+- import_playbook: home_bastion.yml
+ # Production configuration
+- import_playbook: prod_db.yml
+- import_playbook: prod_web.yml
+- import_playbook: prod_com.yml
+- import_playbook: prod_game.yml
diff --git a/playbooks/site_post.yml b/playbooks/site_post.yml
new file mode 100755
index 0000000..b46c82b
--- /dev/null
+++ b/playbooks/site_post.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+ # Housekeeping tags for one-off tasks
+- import_playbook: tags_docker-prune.yml
+- import_playbook: tags_autoreboot.yml
+ # Last little bit of cleanup
+- import_playbook: cleanup.yml
diff --git a/playbooks/site_pre.yml b/playbooks/site_pre.yml
new file mode 100755
index 0000000..55c14d6
--- /dev/null
+++ b/playbooks/site_pre.yml
@@ -0,0 +1,24 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+ # Preambulatory system configuration
+ # It's implicit that configuration here MUST preceed site_main.yml
+- import_playbook: all.yml
+- import_playbook: all_scanner.yml
+ # Platform configuration
+- import_playbook: platforms_ubuntu-20-04.yml
+- import_playbook: platforms_ubuntu-21-10.yml
+- import_playbook: platforms_proxmox-ve-7.yml
+ # Manufacturer configuration
+- import_playbook: manufacturers_raspi.yml
+- import_playbook: manufacturers_s76.yml
+ # Zerotier network configuration
+- import_playbook: tags_zt-personal.yml
+- import_playbook: tags_zt-management.yml
+ # Tags for fundamental services
+- import_playbook: tags_snmp.yml
+- import_playbook: tags_nagios.yml
+ # Role (in the Netbox sense) configuration
+- import_playbook: device_roles_bastion.yml
+- import_playbook: device_roles_game.yml
+- import_playbook: device_roles_workstation.yml
diff --git a/site.yml b/site.yml
index 99c2603..a6e8362 100755
--- a/site.yml
+++ b/site.yml
@@ -1,44 +1,13 @@
 #!/usr/bin/env ansible-playbook
 # vim:ft=ansible:
 ---
+ # Configuration that happens local to the Ansible controller
+- import_playbook: playbooks/site_local.yml
 # Preambulatory system configuration
-- import_playbook: playbooks/all.yml
-- import_playbook: playbooks/all_dns.yml
-- import_playbook: playbooks/all_scanner.yml
- # Platform configuration
-- import_playbook: playbooks/platforms_ubuntu-20-04.yml
-- import_playbook: playbooks/platforms_ubuntu-21-10.yml
-- import_playbook: playbooks/platforms_proxmox-ve-7.yml
- # Manufacturer configuration
-- import_playbook: playbooks/manufacturers_raspi.yml
-- import_playbook: playbooks/manufacturers_s76.yml
- # Zerotier network configuration
-- import_playbook: playbooks/tags_zt-personal.yml
-- import_playbook: playbooks/tags_zt-management.yml
- # Tags for fundamental services
-- import_playbook: playbooks/tags_snmp.yml
-- import_playbook: playbooks/tags_nagios.yml
- # Role (in the Netbox sense) configuration
-- import_playbook: playbooks/device_roles_bastion.yml
-- import_playbook: playbooks/device_roles_game.yml
-- import_playbook: playbooks/device_roles_workstation.yml
- # Home configuration
-- import_playbook: playbooks/home_db.yml
-- import_playbook: playbooks/home_fs.yml
-- import_playbook: playbooks/home_app.yml
-- import_playbook: playbooks/home_game.yml
-- import_playbook: playbooks/home_media.yml
-- import_playbook: playbooks/home_automation.yml
- # Production configuration
-- import_playbook: playbooks/prod_db.yml
-- import_playbook: playbooks/prod_web.yml
-- import_playbook: playbooks/prod_com.yml
-- import_playbook: playbooks/prod_game.yml
+- import_playbook: playbooks/site_pre.yml
+ # Main environment configuration
+- import_playbook: playbooks/site_main.yml
 # Supplementary tags
-- import_playbook: playbooks/tags_ansible.yml
-- import_playbook: playbooks/tags_ansible-pull.yml
- # Housekeeping tags for one-off tasks
-- import_playbook: playbooks/tags_docker-prune.yml
-- import_playbook: playbooks/tags_autoreboot.yml
- # Last little bit of cleanup
-- import_playbook: playbooks/cleanup.yml
+- import_playbook: playbooks/site_common.yml
+ # Post-play housekeeping and reboots
+- import_playbook: playbooks/site_post.yml
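Review bot: After this change the pipeline no longer runs `site.yml`, so the import list in this hunk and the job list in `.gitlab-ci.yml` are two separate orderings that can drift apart; a header comment such as `# CI runs playbooks/site_*.yml directly (see .gitlab-ci.yml); keep both in sync` would record that. The order also changes: the DNS playbook used to run after `playbooks/all.yml` and now, through `site_local.yml`, runs before `site_pre.yml`, which is presumably fine for a controller-local play but worth confirming. The hunk covers the whole file.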