Ping Pools bevor deploy ausgeführt wird

2021-02-02 08:28:07 +01:00 · 2021-02-02 08:28:07 +01:00 · 61bc08b4d7
commit 61bc08b4d7
parent 005a4e2344
2 changed files with 56 additions and 9 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,6 +1,8 @@
 stages:
  - lint
+  - ping-test
  - deploy-test
+  - ping-prod
  - deploy-prod

 variables:
@ -24,7 +26,7 @@ markdown-lint:
  stage: lint
  image: pipelinecomponents/markdownlint:latest
  script:
-    - mdl --style all --warnings .
+    - mdl --style all --warnings --rules ~MD022,~MD013 .
  interruptible: true
  allow_failure: true
  rules:
@ -32,6 +34,25 @@ markdown-lint:
  tags:
    - ansible

+ping-test:
+  image: quotengrote/gitlab-ci-ansible:latest
+  stage: ping-test
+  interruptible: true
+  before_script:
+    - chmod 0755 /builds/mg/ansible
+    - echo "$id_rsa_ansible_user" > /builds/mg/ansible/id_rsa_ansible_user
+    - chmod 0400 /builds/mg/ansible/id_rsa_ansible_user
+  script:
+    - ansible -i inventory --limit test --vault-password-file $ansible_vault_pass all -m ping
+  after_script:
+    - rm /builds/mg/ansible/id_rsa_ansible_user
+  rules:
+    - if: $CI_MERGE_REQUEST_ID
+  tags:
+    - ansible
+
+
+
 ansible-deploy-test:
  image: quotengrote/gitlab-ci-ansible:latest
  stage: deploy-test
@ -49,6 +70,23 @@ ansible-deploy-test:
  tags:
    - ansible

+ping-prod:
+  image: quotengrote/gitlab-ci-ansible:latest
+  stage: ping-prod
+  interruptible: true
+  before_script:
+    - chmod 0755 /builds/mg/ansible
+    - echo "$id_rsa_ansible_user" > /builds/mg/ansible/id_rsa_ansible_user
+    - chmod 0400 /builds/mg/ansible/id_rsa_ansible_user
+  script:
+    - ansible -i inventory --limit production --vault-password-file $ansible_vault_pass all -m ping
+  after_script:
+    - rm /builds/mg/ansible/id_rsa_ansible_user
+  rules:
+    - if: $CI_COMMIT_BRANCH == 'master'
+  tags:
+    - ansible
+
 ansible-deploy-prod:
  image: quotengrote/gitlab-ci-ansible:latest
  stage: deploy-prod
--- a/README.md
+++ b/README.md
@ -2,21 +2,25 @@

 [![pipeline status](http://git.mgrote.net/mg/ansible/badges/master/pipeline.svg)](http://git.mgrote.net/mg/ansible/-/commits/master)

-
 ## Ansible KeePass Lookup Plugin aktualisieren
+
 ```bash
 pip install 'pykeepass>3.2.0' --user
 mkdir -p ~/.ansible/plugins/lookup && cd "$_"
 curl https://raw.githubusercontent.com/viczem/ansible-keepass/master/keepass.py -o ./keepass.py
 ```
+
 ## collections als Dependency
+
 - in meta
-```
+
+```yaml
 collections:
  - community.general
 ```

 ## defaults in Dictionary
+
 ```bash
 - name: "register_runner"
  community.general.gitlab_runner:
@ -29,7 +33,6 @@ description: <-- Original-Variable
 default('GitLab-Runner') }}" <-- wenn Inhalt leer, dann default...
 ```

-
 ## [playbook-grapher](https://github.com/haidaraM/ansible-playbook-grapher)
 `ansible-playbook-grapher --include-role-tasks  tests/fixtures/with_roles.yml`

@ -43,7 +46,8 @@ default('GitLab-Runner') }}" <-- wenn Inhalt leer, dann default...
 `ansible-galaxy collection list -vvv`

 ## fix ansible vault-permissions
-```
+
+```bash
 sudo chmod 400 id_rsa_ansible_user
 sudo chmod 400 vault-pass.yml
 ```
@ -60,12 +64,14 @@ Diese Datei enthält das Passwort mit dem die KeePassDb verschlüsselt ist.
 Das vault-secret für die GroupVars wird mit `ansible-vault encrypt_string <password>` erstellt.

 ### Erklärung
+
 ```yaml
  keepass_dbx: "./keepass_db.kdbx"
  keepass_psw: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          62383737XXXXXX531
 ```
+
 1. mit vault-pass.yml wird das Kennwort an ansible-vault übergeben
 2. ansible-vault entschlüsselt hiermit die Variable `keepass_psw`
 3. der Inhalt der Variable wird dann an das KeePass-Lookup-Plugin übergeben was damit die KeePass-Datei öffnet
@ -74,6 +80,7 @@ Das vault-secret für die GroupVars wird mit `ansible-vault encrypt_string <pass
 `restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}"`

 #### Erklärung
+
 ```yaml
 restic_repository_password:         <-- Ansible Variablen Name
 lookup('keepass'                    <-- Aufruf Keepass-Lookup-Plugin
@ -84,7 +91,8 @@ password                            <-- Feldbzeichner in KeepassDB
 ## Inventory anzeigen
 `ansible-inventory -i inventory --graph`

-## Alternatives Dictionary Format:
+## Alternatives Dictionary Format
+
 ```bash
  zfs_pool:
    - name: "ssd_vm_mirror"
@ -97,6 +105,7 @@ password                            <-- Feldbzeichner in KeepassDB
      cron_minutes_zfs_scrub: "0"
      cron_hour_zfs_scrub: "23"
 ```
+
 ist das gleiche wie:

 ```yaml
@ -110,6 +119,7 @@ ist das gleiche wie:

 ## Loop + Join
 ### Vars
+
 ```yaml
    mountpoint: "/shares"
    sources:
@ -140,6 +150,8 @@ ist das gleiche wie:

 ## prüfen ob eine Datei existiert

+* https://stackoverflow.com/questions/35654286/how-to-check-if-a-file-exists-in-ansible
+
 ```yaml
  - name: check if migration file exists
    stat:
@ -189,6 +201,3 @@ ist das gleiche wie:
      state: directory
    when: not is_installed.stat.exists
 ```
-
-### Siehe auch
-  * https://stackoverflow.com/questions/35654286/how-to-check-if-a-file-exists-in-ansible