фикс пуÑотносительных путей
4
Makefile
4
Makefile
@@ -97,7 +97,7 @@ role:
|
|||||||
cp -r default/ "roles/$${ROLE_NAME}"; \
|
cp -r default/ "roles/$${ROLE_NAME}"; \
|
||||||
printf "\n- name: $${ROLE_DESC}" >> roles/deploy.yaml; \
|
printf "\n- name: $${ROLE_DESC}" >> roles/deploy.yaml; \
|
||||||
printf "\n import_playbook: $${ROLE_NAME}/deploy.yaml" >> roles/deploy.yaml; \
|
printf "\n import_playbook: $${ROLE_NAME}/deploy.yaml" >> roles/deploy.yaml; \
|
||||||
printf '\n - /ansible/roles/%s' "$$ROLE_NAME" >> molecule/default/converge.yml; \
|
printf '\n - roles/%s' "$$ROLE_NAME" >> molecule/default/converge.yml; \
|
||||||
printf "\n - $${ROLE_NAME}" >> roles/$$ROLE_NAME/deploy.yaml;; \
|
printf "\n - $${ROLE_NAME}" >> roles/$$ROLE_NAME/deploy.yaml;; \
|
||||||
lint) \
|
lint) \
|
||||||
clear; \
|
clear; \
|
||||||
@@ -114,7 +114,7 @@ role:
|
|||||||
deploy) \
|
deploy) \
|
||||||
clear; \
|
clear; \
|
||||||
echo "Deploying roles to production..."; \
|
echo "Deploying roles to production..."; \
|
||||||
$(RUN) bash -c "ansible-playbook /ansible/roles/deploy.yaml";; \
|
$(RUN) bash -c "ansible-playbook roles/deploy.yaml";; \
|
||||||
*) echo "Unknown action";; \
|
*) echo "Unknown action";; \
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|||||||
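Review bot: The `printf` calls around the rewritten converge.yml line still expand `$${ROLE_NAME}` and `$${ROLE_DESC}` inside the format string, so a `%` or backslash typed into the role description is interpreted by printf instead of being written out literally. The rewritten line already uses the safer form with `%s`; the others can follow it, e.g. `printf '\n- name: %s' "$$ROLE_DESC" >> roles/deploy.yaml`. The redirect target `roles/$$ROLE_NAME/deploy.yaml` is also unquoted, and nothing visible here restricts the name to a plain directory name. The `role` recipe starts and ends outside these hunks, so any prompt or validation is not visible. In the second hunk, `ansible-playbook roles/deploy.yaml` now depends on `$(RUN)` starting in the repository root inside the container, which deserves a short comment in the recipe.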
@@ -9,7 +9,7 @@ services:
|
|||||||
- .:/ansible
|
- .:/ansible
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
environment:
|
environment:
|
||||||
- ANSIBLE_VAULT_PASSWORD_FILE=/ansible/vault-password.txt
|
- ANSIBLE_VAULT_PASSWORD_FILE=./vault-password.txt
|
||||||
tty: true
|
tty: true
|
||||||
privileged: true
|
privileged: true
|
||||||
working_dir: /ansible
|
working_dir: /ansible
|
||||||
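Review bot: `ANSIBLE_VAULT_PASSWORD_FILE=./vault-password.txt` resolves only while the process's current directory is `/ansible`, so it now depends on `working_dir` staying in step with the `.:/ansible` mount. A wrapper or task that changes directory before invoking Ansible would presumably no longer find the vault password, a coupling the previous absolute value did not have. Either keep the path absolute or document the dependency next to it, e.g. `# relative to working_dir (/ansible)`. The value also implies the vault password file sits in the bind-mounted checkout; confirm that `vault-password.txt` is excluded from version control, which this page does not show.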
@@ -3,34 +3,61 @@ stages:
|
|||||||
- test
|
- test
|
||||||
- deploy
|
- deploy
|
||||||
|
|
||||||
|
services:
|
||||||
|
- name: docker:dind
|
||||||
|
command: ["--tls=false"]
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
DOCKER_IMAGE: "hub.cism-ms.ru/ansible/ansible:latest"
|
DOCKER_IMAGE: "hub.cism-ms.ru/ansible/ansible:latest"
|
||||||
RUN: "docker run -it --rm --name $(IMAGE) -v $(pwd):/ansible -v /var/run/docker.sock:/var/run/docker.sock -e ANSIBLE_VAULT_PASSWORD_FILE=/ansible/vault-password.txt --privileged --workdir /ansible $DOCKER_IMAGE"
|
DOCKER_TLS_CERTDIR: ""
|
||||||
|
|
||||||
before_script:
|
before_script:
|
||||||
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
|
- rm -rf /ansible
|
||||||
|
- echo "$CI_REGISTRY_PASSWORD" | docker login hub.cism-ms.ru -u "$CI_REGISTRY_USER" --password-stdin
|
||||||
- docker pull $DOCKER_IMAGE
|
- docker pull $DOCKER_IMAGE
|
||||||
|
- echo "Fixing directory permissions..."
|
||||||
|
- chmod o-w $CI_PROJECT_DIR
|
||||||
|
#- mkdir -p /ansible
|
||||||
|
#- cp -rs "$CI_PROJECT_DIR"/* /ansible/
|
||||||
|
#- find "$CI_PROJECT_DIR" -mindepth 1 -exec ln -s {} /ansible \;
|
||||||
|
#- ln -s "$CI_PROJECT_DIR/vault-password.txt" /ansible/vault_password.txt
|
||||||
|
|
||||||
lint:
|
lint:
|
||||||
stage: lint
|
stage: lint
|
||||||
script:
|
script:
|
||||||
- $(RUN) bash -c "ansible-vault decrypt --vault-password-file vault-password.txt vars/secrets.yml"
|
- echo "Сначала покажем содержимое каталога /ansible"
|
||||||
- $(RUN) bash -c "ansible-lint roles/*"
|
- ls -l /ansible
|
||||||
- $(RUN) bash -c "ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt"
|
- echo "Распаковываем секреты..."
|
||||||
|
- ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
|
||||||
|
- echo "Запускаем ansible-lint..."
|
||||||
|
- ansible-lint roles/*
|
||||||
|
- echo "Упаковываем секреты..."
|
||||||
|
- ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
|
||||||
allow_failure: false
|
allow_failure: false
|
||||||
|
|
||||||
test:
|
test:
|
||||||
stage: test
|
stage: test
|
||||||
script:
|
script:
|
||||||
- $(RUN) bash -c "ansible-vault decrypt --vault-password-file vault-password.txt vars/secrets.yml"
|
- echo "Распаковываем секреты..."
|
||||||
- $(RUN) bash -c "molecule test --parallel"
|
- ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
|
||||||
- $(RUN) bash -c "ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt"
|
- echo "Запускаем тесты через Молекулу..."
|
||||||
|
- molecule test --parallel
|
||||||
|
- echo "Упаковываем секреты..."
|
||||||
|
- ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
|
||||||
allow_failure: false
|
allow_failure: false
|
||||||
|
|
||||||
deploy:
|
deploy:
|
||||||
stage: deploy
|
stage: deploy
|
||||||
script:
|
script:
|
||||||
- echo "Deploying roles to production..."
|
- echo "Распаковываем секреты..."
|
||||||
- $(RUN) bash -c "ansible-playbook /ansible/roles/deploy.yaml"
|
- ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
|
||||||
|
- echo "Все ок. Деплоим в прод..."
|
||||||
|
- ansible-playbook /ansible/roles/deploy.yaml
|
||||||
|
- echo "Упаковываем секреты..."
|
||||||
|
- ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
|
||||||
only:
|
only:
|
||||||
- /^cluster-.*$/
|
- /^cluster-.*$/
|
||||||
|
|
||||||
|
after_script:
|
||||||
|
- echo "Removing symlink..."
|
||||||
|
- rm -rf /ansible
|
||||||
|
|||||||
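Review bot: In the lint, test and deploy jobs, `vars/secrets.yml` is decrypted in place and re-encrypted only as the last script step, so a failing `ansible-lint`, `molecule test` or `ansible-playbook` ends the job with the secrets in plaintext in the workspace. Ansible can read vault-encrypted vars files itself when given the password file, so the decrypt/encrypt pairs can probably be dropped in favour of a job variable such as `ANSIBLE_VAULT_PASSWORD_FILE: "$CI_PROJECT_DIR/vault-password.txt"`. If the in-place decrypt has to stay, the re-encrypt step belongs in `after_script`, which also runs when the script fails. Separately, `before_script` now runs `rm -rf /ansible` while the lines that would recreate it are commented out, yet lint still runs `ls -l /ansible` and deploy still calls `ansible-playbook /ansible/roles/deploy.yaml`. Those two paths look like they should become relative like the rest of the commit.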
@@ -3,7 +3,7 @@ dependency:
|
|||||||
name: galaxy
|
name: galaxy
|
||||||
enabled: true
|
enabled: true
|
||||||
options:
|
options:
|
||||||
requirements-file: /ansible/requirements.yml
|
requirements-file: requirements.yml
|
||||||
|
|
||||||
driver:
|
driver:
|
||||||
name: docker
|
name: docker
|
||||||
|
|||||||