From c3ca8dc07436eba0bdba257a1292ada4699328fc Mon Sep 17 00:00:00 2001
From: Sergey Antropoff
Date: Mon, 17 Mar 2025 21:24:13 +0300
Subject: [PATCH] =?UTF-8?q?=D1=84=D0=B8=D0=BA=D1=81=20=D0=BF=D1=83=C3=91?= =?UTF-8?q?=D0=BE=D1=82=D0=BD=D0=BE=D1=81=D0=B8=D1=82=D0=B5=D0=BB=D1=8C?= =?UTF-8?q?=D0=BD=D1=8B=D1=85=20=D0=BF=D1=83=D1=82=D0=B5=D0=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Makefile | 4 +--
 docker-compose.yaml | 2 +-
 gitlab-ci.yml | 47 +++++++++++++++++++++++++++--------
 molecule/default/molecule.yml | 2 +-
 4 files changed, 41 insertions(+), 14 deletions(-)
diff --git a/Makefile b/Makefile
index d272648..e0ab84c 100644
--- a/Makefile
+++ b/Makefile
@@ -97,7 +97,7 @@ role:
 cp -r default/ "roles/$${ROLE_NAME}"; \
 printf "\n- name: $${ROLE_DESC}" >> roles/deploy.yaml; \
 printf "\n import_playbook: $${ROLE_NAME}/deploy.yaml" >> roles/deploy.yaml; \
- printf '\n - /ansible/roles/%s' "$$ROLE_NAME" >> molecule/default/converge.yml; \
+ printf '\n - roles/%s' "$$ROLE_NAME" >> molecule/default/converge.yml; \
 printf "\n - $${ROLE_NAME}" >> roles/$$ROLE_NAME/deploy.yaml;; \
 lint) \
 clear; \
@@ -114,7 +114,7 @@ role:
 deploy) \
 clear; \
 echo "Deploying roles to production..."; \
- $(RUN) bash -c "ansible-playbook /ansible/roles/deploy.yaml";; \
+ $(RUN) bash -c "ansible-playbook roles/deploy.yaml";; \
 *) echo "Unknown action";; \
 esac
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 9b924a3..88f68de 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -9,7 +9,7 @@ services:
 - .:/ansible
 - /var/run/docker.sock:/var/run/docker.sock
 environment:
- - ANSIBLE_VAULT_PASSWORD_FILE=/ansible/vault-password.txt
+ - ANSIBLE_VAULT_PASSWORD_FILE=./vault-password.txt
 tty: true
 privileged: true
 working_dir: /ansible
\ No newline at end of file
diff --git a/gitlab-ci.yml b/gitlab-ci.yml
index 1f0b999..6c18061 100644
--- a/gitlab-ci.yml
+++ b/gitlab-ci.yml
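Review bot: The converge.yml entry generated here, `printf '\n - roles/%s'`, is a path Ansible resolves against the playbook's own directory (`molecule/default/`) and the configured roles path, not the repository root, so unless Molecule's roles path already covers this layout `roles/<name>` may not be found where the old container-absolute `/ansible/roles/<name>` was; confirm with a `molecule converge` run before merging. The same applies to `ansible-playbook roles/deploy.yaml` in the second hunk, which now works only while `$(RUN)` keeps the container working directory at `/ansible` (the RUN definition this patch removes from gitlab-ci.yml passed `--workdir /ansible`; the Makefile's own RUN is not in view). A short comment above the `deploy)` case, `# relative to the /ansible workdir set by RUN`, would record that coupling. The `role` recipe starts above both hunks and continues between them.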
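Review bot: `ANSIBLE_VAULT_PASSWORD_FILE=./vault-password.txt` is resolved by Ansible against the process working directory, so the value now depends on `working_dir: /ansible` three lines below and on nobody overriding it for a one-off command; the previous `/ansible/vault-password.txt` carried no such dependency. Either keep the absolute form, or add a comment, `# relative to working_dir below`, so the two settings stay in step. The file also sits inside the bind-mounted checkout (`.:/ansible`), so it must be git-ignored — I cannot tell from this patch whether it is.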
@@ -3,34 +3,61 @@ stages:
 - test
 - deploy
+services:
+ - name: docker:dind
+ command: ["--tls=false"]
+
 variables:
 DOCKER_IMAGE: "hub.cism-ms.ru/ansible/ansible:latest"
- RUN: "docker run -it --rm --name $(IMAGE) -v $(pwd):/ansible -v /var/run/docker.sock:/var/run/docker.sock -e ANSIBLE_VAULT_PASSWORD_FILE=/ansible/vault-password.txt --privileged --workdir /ansible $DOCKER_IMAGE"
+ DOCKER_TLS_CERTDIR: ""
 before_script:
- - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+ - rm -rf /ansible
+ - echo "$CI_REGISTRY_PASSWORD" | docker login hub.cism-ms.ru -u "$CI_REGISTRY_USER" --password-stdin
 - docker pull $DOCKER_IMAGE
+ - echo "Fixing directory permissions..."
+ - chmod o-w $CI_PROJECT_DIR
+ #- mkdir -p /ansible
+ #- cp -rs "$CI_PROJECT_DIR"/* /ansible/
+ #- find "$CI_PROJECT_DIR" -mindepth 1 -exec ln -s {} /ansible \;
+ #- ln -s "$CI_PROJECT_DIR/vault-password.txt" /ansible/vault_password.txt
 lint:
 stage: lint
 script:
- - $(RUN) bash -c "ansible-vault decrypt --vault-password-file vault-password.txt vars/secrets.yml"
- - $(RUN) bash -c "ansible-lint roles/*"
- - $(RUN) bash -c "ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt"
+ - echo "Сначала покажем содержимое каталога /ansible"
+ - ls -l /ansible
+ - echo "Распаковываем секреты..."
+ - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
+ - echo "Запускаем ansible-lint..."
+ - ansible-lint roles/*
+ - echo "Упаковываем секреты..."
+ - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
 allow_failure: false
 test:
 stage: test
 script:
- - $(RUN) bash -c "ansible-vault decrypt --vault-password-file vault-password.txt vars/secrets.yml"
- - $(RUN) bash -c "molecule test --parallel"
- - $(RUN) bash -c "ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt"
+ - echo "Распаковываем секреты..."
+ - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
+ - echo "Запускаем тесты через Молекулу..."
+ - molecule test --parallel
+ - echo "Упаковываем секреты..."
+ - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
 allow_failure: false
 deploy:
 stage: deploy
 script:
- - echo "Deploying roles to production..."
- - $(RUN) bash -c "ansible-playbook /ansible/roles/deploy.yaml"
+ - echo "Распаковываем секреты..."
+ - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
+ - echo "Все ок. Деплоим в прод..."
+ - ansible-playbook /ansible/roles/deploy.yaml
+ - echo "Упаковываем секреты..."
+ - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
 only:
 - /^cluster-.*$/
+
+after_script:
+ - echo "Removing symlink..."
+ - rm -rf /ansible
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index d384fff..f190509 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -3,7 +3,7 @@ dependency:
 name: galaxy
 enabled: true
 options:
- requirements-file: /ansible/requirements.yml
+ requirements-file: requirements.yml
 driver:
 name: docker
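Review bot: Decrypting `vars/secrets.yml` in place in every `script:` and re-encrypting it on the last line leaves the plaintext on the runner whenever ansible-lint, `molecule test` or the playbook fails, because the job stops at the first non-zero exit and the `ansible-vault encrypt` step never runs (the new `after_script` only removes `/ansible`); on executors that reuse `$CI_PROJECT_DIR` between jobs the cleartext then persists. The decrypt/encrypt pairs can be dropped by putting `ANSIBLE_VAULT_PASSWORD_FILE: "$CI_PROJECT_DIR/vault-password.txt"` under `variables:` — the same variable docker-compose.yaml already relies on; ansible-playbook and molecule honour it, and it should be verified that ansible-lint in the pinned image does too. Separately, `before_script` now runs `rm -rf /ansible` while the symlink lines that recreated it are commented out, so `ls -l /ansible` in lint and `ansible-playbook /ansible/roles/deploy.yaml` in deploy will fail on a missing directory; the deploy line should read `ansible-playbook roles/deploy.yaml`, as the Makefile in this same patch already does. Finally, `command: ["--tls=false"]` together with `DOCKER_TLS_CERTDIR: ""` runs the `docker:dind` service without TLS; GitLab's documented setting is `DOCKER_TLS_CERTDIR: "/certs"` with no `--tls=false`, and nothing in these jobs shows that an unauthenticated daemon is required. The `stages:` list in which this hunk begins starts above it.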
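Review bot: `requirements-file: requirements.yml` is resolved from the directory Molecule runs `ansible-galaxy` in, which as far as I recall is the scenario directory (`molecule/default/`), so this now points at `molecule/default/requirements.yml` rather than the repository-root file the old `/ansible/requirements.yml` named; confirm a `requirements.yml` exists there, or use a scenario-relative path such as `requirements-file: ../../requirements.yml` (constructed from the paths in this patch). A comment stating which directory the path is relative to would keep this from regressing again. The `dependency:` mapping starts above the hunk.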