neue gitlab-ci.yml
parent
501a064674
commit
4600e9f398
4 changed files with 70 additions and 9 deletions
|
@ -1,13 +1,62 @@
|
|||
image: python:3-slim
|
||||
|
||||
before_script:
|
||||
- pip install ansible-lint
|
||||
- ansible-lint --version
|
||||
|
||||
stages:
|
||||
- ansible-lint
|
||||
- lint
|
||||
- deploy-dry
|
||||
- deploy
|
||||
|
||||
ansible-lint:
|
||||
stage: ansible-lint
|
||||
image: willhallonline/ansible:2.9-ubuntu-20.04
|
||||
stage: lint
|
||||
before_script:
|
||||
- chmod 0755 /builds/mg/ansible
|
||||
script:
|
||||
- ansible-lint .
|
||||
interruptible: true
|
||||
allow_failure: true
|
||||
rules:
|
||||
- if: $CI_MERGE_REQUEST_ID
|
||||
|
||||
markdown-lint:
|
||||
stage: lint
|
||||
image: pipelinecomponents/markdownlint:latest
|
||||
script:
|
||||
- mdl --style all --warnings .
|
||||
interruptible: true
|
||||
allow_failure: true
|
||||
rules:
|
||||
- if: $CI_MERGE_REQUEST_ID
|
||||
|
||||
ansible-deploy-dry:
|
||||
image: willhallonline/ansible:2.9-ubuntu-20.04
|
||||
stage: deploy-dry
|
||||
interruptible: false
|
||||
before_script:
|
||||
- chmod 0755 /builds/mg/ansible
|
||||
- echo "$id_rsa_ansible_user" > /builds/mg/ansible/id_rsa_ansible_user
|
||||
- chmod 0400 /builds/mg/ansible/id_rsa_ansible_user
|
||||
script:
|
||||
- ansible-playbook playbooks/base/0_master.yml playbooks/service/* -i inventory --check --limit production --vault-password-file $ansible_vault_pass
|
||||
after_script:
|
||||
- rm /builds/mg/ansible/id_rsa_ansible_user
|
||||
rules:
|
||||
- if: $CI_MERGE_REQUEST_ID
|
||||
allow_failure: true
|
||||
|
||||
ansible-deploy:
|
||||
image: willhallonline/ansible:2.9-ubuntu-20.04
|
||||
stage: deploy
|
||||
interruptible: false
|
||||
before_script:
|
||||
- chmod 0755 /builds/mg/ansible
|
||||
- echo "$id_rsa_ansible_user" > /builds/mg/ansible/id_rsa_ansible_user
|
||||
- chmod 0400 /builds/mg/ansible/id_rsa_ansible_user
|
||||
script:
|
||||
- ansible-playbook playbooks/base/0_master.yml playbooks/service/* -i inventory --check --limit test --vault-password-file $ansible_vault_pass
|
||||
after_script:
|
||||
- rm /builds/mg/ansible/id_rsa_ansible_user
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH == 'master'
|
||||
allow_failure: true
|
||||
|
||||
# GitLab-CI-Vars
|
||||
# $ansible_vault_pass - Type: File
|
||||
# $id_rsa_ansible_user - Type: Variable
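Review bot: `ansible-deploy-dry` runs under `- if: $CI_MERGE_REQUEST_ID` while writing `$id_rsa_ansible_user` to disk and passing `$ansible_vault_pass`, so every merge request pipeline, including one whose branch edits this file or a playbook, executes with the SSH key and vault password used for `--limit production` (assuming these lines are on the new side, since the page has lost its diff markers). Both variables should be marked protected and the job limited to protected refs, for example `- if: $CI_COMMIT_BRANCH == 'master'` as `ansible-deploy` already does, and the `# GitLab-CI-Vars` comment should record that requirement. In both `before_script` blocks the key file is created by `echo … >` with the default umask and only afterwards restricted by `chmod 0400`; a `- umask 077` line before the `echo` closes that window. `ansible-deploy` also passes `--check --limit test`, so the deploy stage appears to change nothing; confirm that this is intended.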
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
# ansible_heimserver
|
||||
|
||||
[![pipeline status](http://git.mgrote.net/mg/ansible/badges/master/pipeline.svg)](http://git.mgrote.net/mg/ansible/-/commits/master)
|
||||
|
||||
|
||||
## Ansible KeePass Lookup Plugin aktualisieren
|
||||
```bash
|
||||
pip install 'pykeepass>3.2.0' --user
|
||||
|
@ -31,7 +34,7 @@ default('GitLab-Runner') }}" <-- wenn Inhalt leer, dann default...
|
|||
`ansible-playbook-grapher --include-role-tasks tests/fixtures/with_roles.yml`
|
||||
|
||||
## example-cli
|
||||
`ansible-playbook playbooks/base/0_master.yml -i inventory --limit jenkins-test.grote.lan --key-file id_rsa_ansible_user --vault-pass-file vault-pass.yml`
|
||||
`ansible-playbook playbooks/base/0_master.yml -i inventory --key-file id_rsa_ansible_user --limit jenkins-test.grote.lan`
|
||||
|
||||
## install necessary collections
|
||||
`ansible-galaxy collection install -r requirements.yml`
|
||||
|
|
|
@ -5,6 +5,8 @@ retry_files_enabled = False
|
|||
roles_path = ./roles
|
||||
lookup_plugins = ./plugins/lookup
|
||||
collections_paths = ./ansible_collections
|
||||
private_key_file = ./id_rsa_ansible_user
|
||||
#vault_password_file = ./vault-pass.yml
|
||||
[inventory]
|
||||
|
||||
[privilege_escalation]
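Review bot: `private_key_file = ./id_rsa_ansible_user` makes the repository working tree the expected location of the SSH private key, and the commented `vault_password_file = ./vault-pass.yml` does the same for the vault password, yet nothing visible in this commit keeps those two files out of version control. I would add `id_rsa_ansible_user` and `vault-pass.yml` to `.gitignore` in the same change, and put a comment above the setting such as `# key is written by CI at runtime, never commit it`. The `[defaults]` section this hunk belongs to starts outside the visible lines, so an ignore rule may already exist elsewhere in the repository.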
|
||||
|
|
|
@ -18,3 +18,10 @@
|
|||
docker_image: 'alpine'
|
||||
docker_volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
### oefenweb.ufw
|
||||
ufw_rules:
|
||||
- rule: allow
|
||||
to_port: 22
|
||||
protocol: tcp
|
||||
comment: 'ssh'
|
||||
from_ip: 192.168.2.0/24
|
||||
|
|