Commit
Silvija Tovernic
committed
Sep 21, 2024
1 parent
3a66b55
commit 5b699fe
Showing
3 changed files
with
54 additions
and
32 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -13,11 +13,10 @@ jobs: | |
runs-on: ubuntu-latest | ||
|
||
env: | ||
JUMPHOST_IP: ${{ secrets.JUMPHOST_IP }} | ||
RUNNER_HOST_IP: ${{ secrets.RUNNER_HOST_IP }} | ||
SSH_KEY: ${{ secrets.SSH_KEY }} | ||
# Tell GitHub which VM host to use (air-gapped or development) -> TODO: remove when devel env is no longer needed | ||
VM_ENV: "air-gapped" | ||
|
||
REGISTRY: ${{ secrets.REGISTRY_PRIVATE_ENDPOINT }} | ||
REGISTRY: ${{ secrets.REGISTRY }} | ||
ACR_USERNAME: ${{ secrets.ACR_USERNAME }} | ||
ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }} | ||
|
||
|
@@ -32,42 +31,68 @@ jobs: | |
- name: Checkout Repository | ||
uses: actions/checkout@v4 | ||
|
||
- name: Template Ansible private key file | ||
|
||
# Development environment - VM host with internet access -> TODO: remove when devel env is no longer needed | ||
- name: Template Ansible private key file for development environment | ||
uses: cuchi/[email protected] | ||
env: | ||
SSH_KEY: ${{ secrets.AZURE_VM_SSH_KEY }} | ||
if: env.VM_ENV == "development" | ||
with: | ||
template: ansible/templates/ansible_ssh_key.j2 | ||
output_file: ansible/ansible_ssh_key | ||
|
||
- name: Template Ansible vars file | ||
uses: cuchi/[email protected] | ||
with: | ||
template: ansible/templates/group_vars_all.yml.j2 | ||
output_file: ansible/group_vars/all.yml | ||
|
||
- name: Template Ansible inventory | ||
# Development environment - VM host with internet access -> TODO: remove when devel env is no longer needed | ||
- name: Template Ansible inventory for development environment | ||
uses: cuchi/[email protected] | ||
env: | ||
RUNNER_HOST_IP: ${{ secrets.AZURE_IF_RUNNER_IP }} | ||
if: env.VM_ENV == "development" | ||
with: | ||
template: ansible/templates/inventory.ini.j2 | ||
output_file: ansible/inventory.ini | ||
|
||
- name: Template Ansible private key file | ||
|
||
# Air-gapped environment - VM host without internet access | ||
- name: Template Ansible private key file for air-gapped environment | ||
uses: cuchi/[email protected] | ||
env: | ||
SSH_KEY: ${{ secrets.SSH_KEY }} | ||
if: env.VM_ENV == "air-gapped" # -> TODO: remove condition when devel env is no longer needed | ||
with: | ||
template: ansible/templates/ansible_ssh_key.j2 | ||
output_file: ansible/ansible_ssh_key | ||
|
||
- name: Install Ansible | ||
run: | | ||
pip3 install ansible | ||
ansible-playbook --version | ||
- name: Configure VM with ansible | ||
run: | | ||
cd ansible | ||
cat inventory.ini | ||
eval "$(ssh-agent -s)" | ||
chmod 600 ansible_ssh_key | ||
ssh-add ansible_ssh_key | ||
ssh_command="ssh -o StrictHostKeyChecking=no azureadmin@${JUMPHOST_IP} 'ssh -o StrictHostKeyChecking=no azureadmin@${RUNNER_HOST_IP} whoami'" | ||
eval $ssh_command | ||
ansible-playbook configure-image-factory-vm.yml | ||
# Air-gapped environment - VM host without internet access | ||
- name: Template Ansible inventory for air-gapped environment | ||
uses: cuchi/[email protected] | ||
env: | ||
JUMPHOST_IP: ${{ secrets.JUMPHOST_IP }} | ||
RUNNER_HOST_IP: ${{ secrets.RUNNER_HOST_IP }} | ||
if: env.VM_ENV == "air-gapped" # -> TODO: remove condition when devel env is no longer needed | ||
with: | ||
template: ansible/templates/inventory.ini.j2 | ||
output_file: ansible/inventory.ini | ||
|
||
|
||
# - name: Template Ansible vars file | ||
# uses: cuchi/[email protected] | ||
# with: | ||
# template: ansible/templates/group_vars_all.yml.j2 | ||
# output_file: ansible/group_vars/all.yml | ||
|
||
# - name: Install Ansible | ||
# run: | | ||
# pip3 install ansible | ||
# ansible-playbook --version | ||
|
||
# # - name: Configure VM with ansible | ||
# # run: | | ||
# # cd ansible | ||
# # cat inventory.ini | ||
# # eval "$(ssh-agent -s)" | ||
# # chmod 600 ansible_ssh_key | ||
# # ssh-add ansible_ssh_key | ||
# # ssh_command="ssh -o StrictHostKeyChecking=no azureadmin@${JUMPHOST_IP} 'ssh -o StrictHostKeyChecking=no azureadmin@${RUNNER_HOST_IP} whoami'" | ||
# # eval $ssh_command | ||
# # ansible-playbook configure-image-factory-vm.yml |
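Review bot: The new step conditions `if: env.VM_ENV == "development"` and `if: env.VM_ENV == "air-gapped"` use double-quoted string literals, which GitHub Actions expression syntax does not accept; string literals must be single-quoted, e.g. `if: env.VM_ENV == 'air-gapped'`. As written the workflow is likely to be rejected at parse time instead of selecting one environment's steps. Separately, these steps pass the SSH private key secret to a third-party templating action referenced by a version tag and write it to `ansible/ansible_ssh_key` in the workspace; pinning that `uses:` reference to a full commit SHA would keep a moved tag from receiving the key.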
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
image-factory-vm ansible_host={{ env['RUNNER_HOST_IP'] }} ansible_user=azureuser |
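Review bot: Nothing in the workflow changes shown on this page points at this new inventory template: both the development and the air-gapped inventory steps still set `template: ansible/templates/inventory.ini.j2`. If this file is meant to be the development inventory (it has no ProxyJump and uses `azureuser`), the development step would instead render the jump-host template, and that step's `env` only supplies RUNNER_HOST_IP, so `{{ env['JUMPHOST_IP'] }}` would likely render empty. The file's path is not visible here, so confirm its name and point the development step's `template:` at it.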
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1 @@ | ||
#jumphost ansible_host={{ env['JUMPHOST_IP'] }} ansible_user=azureadmin ansible_ssh_common_args='-o StrictHostKeyChecking=no' | ||
#image-factory-vm ansible_host={{ env['RUNNER_HOST_IP'] }} ansible_user=azureadmin ansible_ssh_common_args='-o ProxyJump=azureadmin@{{ env['JUMPHOST_IP'] }} -o StrictHostKeyChecking=no' | ||
|
||
|
||
image-factory-vm ansible_host={{ env['RUNNER_HOST_IP'] }} ansible_ssh_common_args='-o ProxyJump=azureadmin@{{ env['JUMPHOST_IP'] }}' |