Rework GitLab pipelines
parent
d27554bffb
commit
28b34833ab
@ -4,7 +4,9 @@ variables:
|
|||||||
stages:
|
stages:
|
||||||
- lint
|
- lint
|
||||||
- test
|
- test
|
||||||
- play
|
- play-pre
|
||||||
|
- play-main
|
||||||
|
- play-post
|
||||||
before_script:
|
before_script:
|
||||||
# Dump our key
|
# Dump our key
|
||||||
- eval $(ssh-agent -s)
|
- eval $(ssh-agent -s)
|
||||||
@ -58,23 +60,33 @@ Test:
|
|||||||
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
||||||
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
||||||
|
|
||||||
Play_Against_Remote:
|
# PRE-MAIN CONFIGURATION
|
||||||
stage: play
|
Local:
|
||||||
|
stage: play-pre
|
||||||
script:
|
script:
|
||||||
- ansible-playbook --skip-tags no-auto -l '!tags_home' site.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw || error="$?"
|
- ansible-playbook --skip-tags no-auto playbooks/site_local.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
|
||||||
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
Pre:
|
||||||
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
stage: play-pre
|
||||||
Play_Against_Home:
|
script:
|
||||||
stage: play
|
- ansible-playbook --skip-tags no-auto playbooks/site_pre.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
|
||||||
|
|
||||||
|
# MAIN CONFIGURATION
|
||||||
|
Main:
|
||||||
|
stage: play-main
|
||||||
|
script:
|
||||||
|
- ansible-playbook --skip-tags no-auto playbooks/site_main.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
|
||||||
|
Common:
|
||||||
|
stage: play-main
|
||||||
|
script:
|
||||||
|
- ansible-playbook --skip-tags no-auto playbooks/site_common.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
|
||||||
|
Nagios:
|
||||||
|
stage: play-main
|
||||||
retry: 1
|
retry: 1
|
||||||
script:
|
script:
|
||||||
- ansible-playbook --skip-tags no-auto -l tags_home site.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw || error="$?"
|
- ansible-playbook -l web3.dallas.mgmt.desu.ltd playbooks/prod_web.yml --tags nagios --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
|
||||||
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
|
||||||
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
# CLEANUP
|
||||||
Play_Nagios:
|
Cleanup:
|
||||||
stage: play
|
stage: play-post
|
||||||
retry: 1
|
|
||||||
script:
|
script:
|
||||||
- ansible-playbook -l web3.dallas.mgmt.desu.ltd playbooks/prod_web.yml --tags nagios --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw || error="$?"
|
- ansible-playbook --skip-tags no-auto playbooks/site_post.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file /vaultpw
|
||||||
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
|
||||||
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
|
||||||
|
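Review bot: The new Local, Pre, Main, Common, Nagios and Cleanup jobs drop the `|| error="$?"` capture and the two `if` lines that masked ansible-playbook's return code 4, which the Test job above still keeps. Because the jobs now sit in ordered stages, a single unreachable host in play-pre will by default fail that stage and keep play-main and play-post from running, so one offline home machine would block production configuration. If failing closed is intended, say so in a comment above `# PRE-MAIN CONFIGURATION`; if not, carry the three masking lines over to the new jobs. Separately, Main and Nagios share the play-main stage and both apply playbooks/prod_web.yml (site_main.yml imports it), so two runs may touch web3.dallas.mgmt.desu.ltd at the same time; moving Nagios to play-post or adding `needs: ["Main"]` would serialize them.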
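--- a/playbooks/home_bastion.yml
+++ b/playbooks/home_bastion.yml
@@ -0,0 +1,12 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- hosts: vm-bastion-1.home.mgmt.desu.ltd
+gather_facts: no
+tasks:
+- name: assure nfs mount directory
+file: path=/nfs/projects state=directory mode=0755
+tags: [ storage ]
+- name: assure nfs mount
+mount: path=/nfs/projects src=192.168.190.1:/nfs/projects fstype=nfs4 opts="rsize=10248576,wsize=1048576,soft,timeo=600,retrans=2,_netdev" state=mounted
+tags: [ storage ]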
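Review bot: `rsize=10248576` in the mount task's opts looks like a typo for `1048576`, the value `wsize` uses on the same line; as written the two transfer sizes are asymmetric and the client will likely round or clamp the odd value. The share is also mounted on a bastion host without `nosuid,nodev`, so setuid binaries or device nodes placed on the NFS export would be honoured there. I would change the option string to `opts="rsize=1048576,wsize=1048576,soft,timeo=600,retrans=2,_netdev,nosuid,nodev"`. Note too that `soft` lets I/O return errors once the retries run out, which nfs(5) warns can corrupt data on writable mounts; confirm that is acceptable for /nfs/projects.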
@ -21,6 +21,7 @@
|
|||||||
35326337636464376566393764663261346339633035613732633134656233393130646161326361
|
35326337636464376566393764663261346339633035613732633134656233393130646161326361
|
||||||
6231653638613061373734373539313933343739346537373961
|
6231653638613061373734373539313933343739346537373961
|
||||||
zone: desu.ltd
|
zone: desu.ltd
|
||||||
|
overwrite: yes
|
||||||
tasks:
|
tasks:
|
||||||
- name: configure dns
|
- name: configure dns
|
||||||
block:
|
block:
|
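--- a/playbooks/site_common.yml
+++ b/playbooks/site_common.yml
@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+# Supplementary tags
+- import_playbook: tags_ansible.yml
+- import_playbook: tags_ansible-pull.yml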
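--- a/playbooks/site_local.yml
+++ b/playbooks/site_local.yml
@@ -0,0 +1,4 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- import_playbook: local_dns.yml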
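--- a/playbooks/site_main.yml
+++ b/playbooks/site_main.yml
@@ -0,0 +1,18 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+# Main playbooks for machines across my environments
+# Does not include supplementary management configuration
+# Home configuration
+- import_playbook: home_db.yml
+- import_playbook: home_fs.yml
+- import_playbook: home_app.yml
+- import_playbook: home_game.yml
+- import_playbook: home_media.yml
+- import_playbook: home_automation.yml
+- import_playbook: home_bastion.yml
+# Production configuration
+- import_playbook: prod_db.yml
+- import_playbook: prod_web.yml
+- import_playbook: prod_com.yml
+- import_playbook: prod_game.yml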
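--- a/playbooks/site_post.yml
+++ b/playbooks/site_post.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+# Housekeeping tags for one-off tasks
+- import_playbook: tags_docker-prune.yml
+- import_playbook: tags_autoreboot.yml
+# Last little bit of cleanup
+- import_playbook: cleanup.yml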
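--- a/playbooks/site_pre.yml
+++ b/playbooks/site_pre.yml
@@ -0,0 +1,24 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+# Preambulatory system configuration
+# It's implicit that configuration here MUST preceed site_main.yml
+- import_playbook: all.yml
+- import_playbook: all_scanner.yml
+# Platform configuration
+- import_playbook: platforms_ubuntu-20-04.yml
+- import_playbook: platforms_ubuntu-21-10.yml
+- import_playbook: platforms_proxmox-ve-7.yml
+# Manufacturer configuration
+- import_playbook: manufacturers_raspi.yml
+- import_playbook: manufacturers_s76.yml
+# Zerotier network configuration
+- import_playbook: tags_zt-personal.yml
+- import_playbook: tags_zt-management.yml
+# Tags for fundamental services
+- import_playbook: tags_snmp.yml
+- import_playbook: tags_nagios.yml
+# Role (in the Netbox sense) configuration
+- import_playbook: device_roles_bastion.yml
+- import_playbook: device_roles_game.yml
+- import_playbook: device_roles_workstation.yml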
47
site.yml
47
site.yml
@ -1,44 +1,13 @@
|
|||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
# vim:ft=ansible:
|
# vim:ft=ansible:
|
||||||
---
|
---
|
||||||
|
# Configuration that happens local to the Ansible controller
|
||||||
|
- import_playbook: playbooks/site_local.yml
|
||||||
# Preambulatory system configuration
|
# Preambulatory system configuration
|
||||||
- import_playbook: playbooks/all.yml
|
- import_playbook: playbooks/site_pre.yml
|
||||||
- import_playbook: playbooks/all_dns.yml
|
# Main environment configuration
|
||||||
- import_playbook: playbooks/all_scanner.yml
|
- import_playbook: playbooks/site_main.yml
|
||||||
# Platform configuration
|
|
||||||
- import_playbook: playbooks/platforms_ubuntu-20-04.yml
|
|
||||||
- import_playbook: playbooks/platforms_ubuntu-21-10.yml
|
|
||||||
- import_playbook: playbooks/platforms_proxmox-ve-7.yml
|
|
||||||
# Manufacturer configuration
|
|
||||||
- import_playbook: playbooks/manufacturers_raspi.yml
|
|
||||||
- import_playbook: playbooks/manufacturers_s76.yml
|
|
||||||
# Zerotier network configuration
|
|
||||||
- import_playbook: playbooks/tags_zt-personal.yml
|
|
||||||
- import_playbook: playbooks/tags_zt-management.yml
|
|
||||||
# Tags for fundamental services
|
|
||||||
- import_playbook: playbooks/tags_snmp.yml
|
|
||||||
- import_playbook: playbooks/tags_nagios.yml
|
|
||||||
# Role (in the Netbox sense) configuration
|
|
||||||
- import_playbook: playbooks/device_roles_bastion.yml
|
|
||||||
- import_playbook: playbooks/device_roles_game.yml
|
|
||||||
- import_playbook: playbooks/device_roles_workstation.yml
|
|
||||||
# Home configuration
|
|
||||||
- import_playbook: playbooks/home_db.yml
|
|
||||||
- import_playbook: playbooks/home_fs.yml
|
|
||||||
- import_playbook: playbooks/home_app.yml
|
|
||||||
- import_playbook: playbooks/home_game.yml
|
|
||||||
- import_playbook: playbooks/home_media.yml
|
|
||||||
- import_playbook: playbooks/home_automation.yml
|
|
||||||
# Production configuration
|
|
||||||
- import_playbook: playbooks/prod_db.yml
|
|
||||||
- import_playbook: playbooks/prod_web.yml
|
|
||||||
- import_playbook: playbooks/prod_com.yml
|
|
||||||
- import_playbook: playbooks/prod_game.yml
|
|
||||||
# Supplementary tags
|
# Supplementary tags
|
||||||
- import_playbook: playbooks/tags_ansible.yml
|
- import_playbook: playbooks/site_common.yml
|
||||||
- import_playbook: playbooks/tags_ansible-pull.yml
|
# Post-play housekeeping and reboots
|
||||||
# Housekeeping tags for one-off tasks
|
- import_playbook: playbooks/site_post.yml
|
||||||
- import_playbook: playbooks/tags_docker-prune.yml
|
|
||||||
- import_playbook: playbooks/tags_autoreboot.yml
|
|
||||||
# Last little bit of cleanup
|
|
||||||
- import_playbook: playbooks/cleanup.yml
|
|
||||||
|