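---
# GitLab CI pipeline: lint, dry-run and apply the Ansible playbook in site.yml.
#
# Secrets consumed from CI/CD variables: ANSIBLE_SSH_KEY, ANSIBLE_VAULT_PASSWORD,
# NETBOX_USER_KEY. ZEROTIER_NETWORK_ID is optional; when set, the job joins that
# ZeroTier network before running and leaves it afterwards.
#
# NOTE(review): `ubuntu:focal` is a mutable tag; pinning the image by digest
# would make the build environment reproducible.
image: ubuntu:focal

stages:
  - lint
  - test
  - play

before_script:
  # Get the packages we need
  - apt-get update
  - apt-get install gnupg openssh-client python3-cryptography python3-docker python3-pip python-is-python3 wget -y
  # NOTE(review): these pip packages are unpinned, so every pipeline run may
  # pull different code into a job that holds the SSH key and vault password.
  # Consider a requirements file with pinned versions (and hashes).
  - pip install ansible ansible-lint pynetbox

  # Dump our key (loaded into the agent only; never written to disk)
  - eval $(ssh-agent -s)
  - echo "$ANSIBLE_SSH_KEY" | tr -d '\r' | ssh-add -
  - mkdir -p ~/.ssh
  - chmod -R 0700 ~/.ssh
  # NOTE(review): no known_hosts is provisioned here; the SSH host key policy
  # presumably comes from ansible.cfg - confirm it is not disabled.

  # Dump the vault password (file is created and locked down before the
  # secret is written into it)
  - touch /vaultpw
  - chmod 0600 /vaultpw
  - echo "$ANSIBLE_VAULT_PASSWORD" > /vaultpw

  # Fix perms on the playbook root.
  # This runs BEFORE private.pem is created: the recursive chmod would
  # otherwise reset the key file from 0600 to 0750.
  - chmod -R 0750 .

  # Dump the Netbox key
  - touch private.pem
  - chmod 0600 private.pem
  - echo "$NETBOX_USER_KEY" > private.pem

  # Join the Zerotier management network.
  # The steps are grouped so that a failure in any of them stops the job.
  # As a bare `a && b && c` list, a mid-chain failure could pass unnoticed
  # and later surface only as "unreachable hosts", which the jobs below mask.
  #
  # NOTE(review): the signing key is fetched from a mutable branch and
  # trusted without a fingerprint check, `apt-key add` trusts it for every
  # configured repository, and the repository itself is plain http.
  # Consider verifying the key fingerprint and scoping it to this one
  # repository with a `signed-by=` keyring.
  - |
    if [ -n "$ZEROTIER_NETWORK_ID" ]; then
      {
        wget -qO - https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg | apt-key add - &&
        echo "deb http://download.zerotier.com/debian/buster buster main" >> /etc/apt/sources.list &&
        apt-get update &&
        apt-get install zerotier-one -y &&
        service zerotier-one start &&
        sleep 5 &&
        zerotier-cli join "$ZEROTIER_NETWORK_ID" &&
        sleep 5 &&
        zerotier-cli info &&
        zerotier-cli listnetworks
      } || { echo "ZeroTier setup failed" >&2; exit 1; }
    fi

  # Get ready for execution
  # NOTE(review): presumably requirements.yml pins role/collection versions;
  # verify, since these run with the credentials loaded above.
  - ansible-galaxy install -r requirements.yml

after_script:
  # Leave the ZeroTier network again, but only if we were asked to join one.
  - |
    if [ -n "$ZEROTIER_NETWORK_ID" ]; then
      zerotier-cli leave "$ZEROTIER_NETWORK_ID"
    fi

Lint:
  stage: lint
  interruptible: true
  except:
    - pipelines
    - schedules
  script:
    - ansible-lint --version
    - ansible-lint site.yml

# The Test and Play jobs share one pattern: capture ansible-playbook's exit
# status in $error, drop it when it is 4 (reported below as "some hosts were
# unreachable"), and fail the job on any other non-zero status. The pattern
# relies on $error persisting between script entries.
# `${error:-0}` keeps the numeric test valid when the playbook succeeded and
# $error was never set.

Test:
  stage: test
  interruptible: true
  except:
    - pipelines
  script:
    # -C is a check-mode (dry) run; tasks tagged no-test are skipped.
    - ansible-playbook --skip-tags no-test -C site.yml --vault-password-file /vaultpw || error="$?"
    - if [ "${error:-0}" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
    - if [ -n "$error" ]; then echo "Return code $error"; false; fi

Play_Against_Pis:
  stage: play
  script:
    - ansible-playbook -l manufacturers_raspi site.yml --vault-password-file /vaultpw || error="$?"
    - if [ "${error:-0}" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
    - if [ -n "$error" ]; then echo "Return code $error"; false; fi

Play_Against_Desktops:
  stage: play
  script:
    - ansible-playbook -l device_roles_workstation site.yml --vault-password-file /vaultpw || error="$?"
    - if [ "${error:-0}" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
    - if [ -n "$error" ]; then echo "Return code $error"; false; fi

Play_Against_Production:
  stage: play
  script:
    # NOTE(review): masking status 4 here means a run that reached none of the
    # production hosts still shows as passed; check the job log for the
    # "masking error" line before treating a green job as a completed rollout.
    - ansible-playbook -l tags_prod site.yml --vault-password-file /vaultpw || error="$?"
    - if [ "${error:-0}" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
    - if [ -n "$error" ]; then echo "Return code $error"; false; fi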