TOPS-102: Ansible Integration #66
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Run pipelines on all branches that have a subnet defined. Destroy stage will not run on "prod" to prevent accidents.
Role is designed to set up DNS server on appropriate guests, and populate /etc/hosts for all guests.
Currently handles basic configuration of all Ubuntu guests, as well as DNS server/client setup, CUPS server, and rsyslog server.
I suspect this might be why the early stages aren't working with the dev branch
Collections are supposed to install during the general install command, but that's not working for some reason.
If you use include_playbook, it changes the scope to that playbook's directory, so it can't find any of the roles and stuff.
The Ubuntu runner needs a way to SSH to the created guests for Ansible.
The containers don't have an ubuntu user; root only.
The inventory directory has vault stuff and group vars, but Terraform creates a hosts file for us in a different directory. This should use both.
For some reason, doing the host entries like I was doing before wouldn't allow anything to pick up the third variable in the dict. I fixed this by specifically formatting each host entry as a dict.
Also add the rsyslog Terraform module.
The Terraform-created hosts file uses IPs, not hostnames, so the DNS servers weren't getting set up.
Regex wasn't working, but apparently I can use group_names to determine if the current host is in the dns group.
This should let the hostname-setting step actually work while retaining the lack of dependency on DNS/hosts files for the runner.
- Split up config files like Ubuntu expects - Make sure directory ownership is correct
yesrod
requested review from
aaronsaderholm and
claughinghouse
as code owners
In case google is having a bad day.
There was a problem hiding this comment.
Changes look good but I would like to have @aaronsaderholm take a pass at all the terraform files.
Closed
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ansible status update:
include_playbookchanges the scope to the included playbook's directory which broke things.Ansible Vault password file is copied fromIt's now sourced from a masked variable from GitLab.~gitlab-runnerto the Ansible directory during the appropriate pipeline stage. We probably need a better method for this.SERVERSinterface (10.101.22.0/24) fordev,main,aaron-devbranch subnets. We can now get to hosts in those subnets from other hosts.mag_ansible_id_ed25519SSH key to the GitLab runner. Need to figure out how to distribute that during runner setup. (Probably a bootstrap Ansible playbook for GitLab, the runner, Proxmox, etc.)rootnotubuntu. Setremote_useraccordingly in Ansible.binduserto enroll hosts as intended.Known issues: