ansible-configure-if-vm.yml
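---
# Configures the Image Factory VM with Ansible.
# Flow: render the SSH key, the inventory and the group vars from Jinja2
# templates, load the key into an ssh-agent, probe the VM through the jump
# host (air-gapped only), then run the playbook.
name: Configure Image Factory VM

on:
  push:
    paths:
      - ".github/workflows/ansible-configure-if-vm.yml"
      - "ansible/**"
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the steps below only read the repository.
permissions:
  contents: read

jobs:
  configure-vm:
    runs-on: ubuntu-latest
    env:
      # Tell GitHub which VM host to use (air-gapped or development) -> TODO: remove when devel env is no longer needed
      VM_ENV: ${{ vars.VM_ENV }}
      # NOTE(review): job-level env is visible to every step, including the
      # third-party templating action. Presumably these values are read by
      # group_vars_all.yml.j2; if so, scope them to that step only.
      REGISTRY: ${{ secrets.REGISTRY }}
      ACR_USERNAME: ${{ secrets.ACR_USERNAME }}
      ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }}
      GH_PAT_TOKEN: ${{ secrets.GH_PAT_TOKEN }}
      GH_OWNER: ${{ vars.GH_OWNER }}
      GH_REPO: ${{ vars.GH_REPO }}
      ACR_RUNNER_IMAGE_NAME: ${{ vars.ACR_RUNNER_IMAGE_NAME }}
      ANSIBLE_VERSION: "2.17.4"
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      # The version tag of the templating action was lost when this page was
      # extracted (it appeared as "[email protected]"); <VERSION> is a
      # placeholder. Restore the original tag, or better, pin a full commit
      # SHA: these steps hand the SSH private key and other secrets to
      # third-party code.

      # Development environment - VM host with internet access -> TODO: remove when devel env is no longer needed
      - name: Template Ansible private key file for development environment
        uses: cuchi/jinja2-action@<VERSION>
        env:
          SSH_KEY: ${{ secrets.AZURE_VM_SSH_KEY }}
        if: env.VM_ENV == 'development'
        with:
          template: ansible/templates/ansible_ssh_key.j2
          output_file: ansible/ansible_ssh_key

      - name: Template Ansible inventory for development environment
        uses: cuchi/jinja2-action@<VERSION>
        env:
          RUNNER_HOST_IP: ${{ secrets.AZURE_IF_RUNNER_IP }}
        if: env.VM_ENV == 'development'
        with:
          template: ansible/templates/inventory.ini.j2
          output_file: ansible/inventory.ini

      # Air-gapped environment - VM host without internet access
      - name: Template Ansible private key file for air-gapped environment
        uses: cuchi/jinja2-action@<VERSION>
        env:
          SSH_KEY: ${{ secrets.SSH_KEY }}
        if: env.VM_ENV == 'air-gapped'  # -> TODO: remove condition when devel env is no longer needed
        with:
          template: ansible/templates/ansible_ssh_key.j2
          output_file: ansible/ansible_ssh_key

      - name: Template Ansible inventory for air-gapped environment
        uses: cuchi/jinja2-action@<VERSION>
        env:
          JUMPHOST_IP: ${{ secrets.JUMPHOST_IP }}
          RUNNER_HOST_IP: ${{ secrets.RUNNER_HOST_IP }}
        if: env.VM_ENV == 'air-gapped'  # -> TODO: remove condition when devel env is no longer needed
        with:
          template: ansible/templates/inventory.ini.j2
          output_file: ansible/inventory.ini

      # No step-level env here: the template can only see the job-level env.
      - name: Template Ansible vars file
        uses: cuchi/jinja2-action@<VERSION>
        with:
          template: ansible/templates/group_vars_all.yml.j2
          output_file: ansible/group_vars/all.yml

      - name: Install Ansible and add SSH key for connection
        run: |
          # NOTE(review): the install is unpinned; ANSIBLE_VERSION from the job
          # env is not referenced in this step.
          pip3 install ansible
          ansible-playbook --version
          # ssh-add refuses private keys that are readable by group/others.
          chmod 600 ansible/ansible_ssh_key
          eval "$(ssh-agent -s)"
          ssh-add ansible/ansible_ssh_key
          # Every `run` step starts a fresh shell, so the variables set by the
          # eval above are gone afterwards. Publish the agent socket so the
          # connection test and the playbook run can reach the loaded key.
          {
            echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK}"
            echo "SSH_AGENT_PID=${SSH_AGENT_PID}"
          } >> "${GITHUB_ENV}"

      - name: Test connection to air-gapped VM (needed populate known_hosts file)
        if: env.VM_ENV == 'air-gapped'  # -> TODO: remove condition when devel env is no longer needed
        env:
          # Step-level env of the templating steps is not inherited; without
          # these two entries both addresses expand to empty strings here.
          JUMPHOST_IP: ${{ secrets.JUMPHOST_IP }}
          RUNNER_HOST_IP: ${{ secrets.RUNNER_HOST_IP }}
        run: |
          # StrictHostKeyChecking=no accepts and records whatever host key is
          # presented, on both hops, so a host answering at these addresses is
          # trusted without verification. Prefer seeding known_hosts with host
          # keys obtained out of band and dropping the option.
          # Invoked directly instead of building a string and eval-ing it; the
          # inner command is still passed to the jump host as one argument.
          ssh -o StrictHostKeyChecking=no "azureadmin@${JUMPHOST_IP}" \
            "ssh -o StrictHostKeyChecking=no azureadmin@${RUNNER_HOST_IP} whoami"

      - name: Configure VM with ansible
        run: |
          cd ansible
          ansible-playbook configure-image-factory-vm.yml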
# TODO: change devel VM vars here and on github
# # - name: Configure VM with ansible
# # run: |
# # cd ansible
# # cat inventory.ini
# # ssh-add ansible_ssh_key
# # ssh_command="ssh -o StrictHostKeyChecking=no azureadmin@${JUMPHOST_IP} 'ssh -o StrictHostKeyChecking=no azureadmin@${RUNNER_HOST_IP} whoami'"
# # eval $ssh_command
# # ansible-playbook configure-image-factory-vm.yml
# OLD
# - name: Install Ansible
# run: |
# pip3 install ansible
# ansible-playbook --version
# # - name: Configure VM with ansible
# # run: |
# # cd ansible
# # cat inventory.ini
# # eval "$(ssh-agent -s)"
# # chmod 600 ansible_ssh_key
# # ssh-add ansible_ssh_key
# # ssh_command="ssh -o StrictHostKeyChecking=no azureadmin@${JUMPHOST_IP} 'ssh -o StrictHostKeyChecking=no azureadmin@${RUNNER_HOST_IP} whoami'"
# # eval $ssh_command
# # ansible-playbook configure-image-factory-vm.yml