Proxy all gitlab CI attempts through a bastion box

2022-02-15 13:40:38 -06:00 · 2022-02-15 13:40:38 -06:00 · 4a73e8782f
commit 4a73e8782f
parent e9bf120509
1 changed files with 5 additions and 3 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,4 +1,6 @@
 image: rehashedsalt/ansible-env:bleeding
 variables:
  SSH_BASTION_ARGS: '-o "ProxyCommand=ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"'
 stages:
  - lint
  - test
@ -48,20 +50,20 @@ Test:
  except:
    - pipelines
  script:
-    - ansible-playbook --skip-tags no-test -C site.yml --vault-password-file /vaultpw || error="$?"
+    - ansible-playbook --skip-tags no-test -C site.yml --ssh-common-args="$SSH_BASTION_ARGS" --vault-password-file /vaultpw || error="$?"
    - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
    - if [ -n "$error" ]; then echo "Return code $error"; false; fi
 Play_Against_Remote:
  stage: play
  script:
-    - ansible-playbook -l '!tags_home' site.yml --vault-password-file /vaultpw || error="$?"
+    - ansible-playbook -l '!tags_home' site.yml --ssh-common-args="$SSH_BASTION_ARGS" --vault-password-file /vaultpw || error="$?"
    - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
    - if [ -n "$error" ]; then echo "Return code $error"; false; fi
 Play_Against_Home:
  stage: play
  retry: 1
  script:
-    - ansible-playbook -l tags_home site.yml --vault-password-file /vaultpw || error="$?"
+    - ansible-playbook -l tags_home site.yml --ssh-common-args="$SSH_BASTION_ARGS" --vault-password-file /vaultpw || error="$?"
    - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
    - if [ -n "$error" ]; then echo "Return code $error"; false; fi