image: rehashedsalt/ansible-env:bleeding
variables:
  ANSIBLE_INVENTORY: inventories/production-no-auto
  ANSIBLE_STRATEGY: free
stages:
  - lint
  - test
  - play-pre
  - play-main
  - play-post
before_script:
  # Dump our key
  - eval $(ssh-agent -s)
  - echo "$ANSIBLE_SSH_KEY" | tr -d '\r' | ssh-add -
  - mkdir -p ~/.ssh
  - chmod -R 0700 ~/.ssh
  # Dump the vault password
  - touch ~/.vault_pass
  - chmod 0600 ~/.vault_pass
  - echo "$ANSIBLE_VAULT_PASSWORD" > ~/.vault_pass
  # Fix perms on the playbook root
  - chmod -R 0750 .
  # Join the Zerotier management network
  - |
    [ -n "$ZEROTIER_NETWORK_ID" ] && \
    service zerotier-one start && \
    sleep 5 && \
    zerotier-cli join "$ZEROTIER_NETWORK_ID" && \
    sleep 5 && \
    zerotier-cli info && \
    zerotier-cli listnetworks
  # Get ready for execution
  - ansible-galaxy install -r requirements.yml
  # Run a quick test SSH connection to the bastion box
  - ssh -o StrictHostKeyChecking=no ansible@bastion1.dallas.mgmt.desu.ltd uptime
  # And a quick test SSH connection over proxy
  - ssh -o StrictHostKeyChecking=no -o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd" ansible@bastion1.dallas.mgmt.desu.ltd uptime
after_script:
  - |
    [ -n "$ZEROTIER_NETWORK_ID" ] && \
    zerotier-cli leave "$ZEROTIER_NETWORK_ID"

Lint:
  stage: lint
  interruptible: yes
  except:
    - pipelines
    - schedules
  script:
    - ansible-lint --version
    - ansible-lint site.yml --offline

Test:
  stage: test
  retry: 1
  interruptible: yes
  except:
    - pipelines
  script:
    - ansible-playbook --skip-tags no-test,no-auto -C site.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file ~/.vault_pass || error="$?"
    - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
    - if [ -n "$error" ]; then echo "Return code $error"; false; fi

# PRE-MAIN CONFIGURATION
Local:
  stage: play-pre
  script:
    - ansible-playbook --skip-tags no-auto playbooks/site_local.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file ~/.vault_pass
Pre:
  stage: play-pre
  script:
    - ansible-playbook --skip-tags no-auto playbooks/site_pre.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file ~/.vault_pass

# MAIN CONFIGURATION
Main:
  stage: play-main
  retry: 1
  script:
    - ansible-playbook --skip-tags no-auto playbooks/site_main.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file ~/.vault_pass
Common:
  stage: play-main
  script:
    - ansible-playbook --skip-tags no-auto playbooks/site_common.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file ~/.vault_pass
Nagios:
  stage: play-main
  retry: 1
  script:
    - ansible-playbook -l vm-general-1.ashburn.mgmt.desu.ltd playbooks/prod_web.yml --tags nagios --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file ~/.vault_pass

# CLEANUP
Cleanup:
  stage: play-post
  script:
    - ansible-playbook --skip-tags no-auto playbooks/site_post.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file ~/.vault_pass