add: conditions for air-gapped env

comsysto · Sep 21, 2024 · 5b699fe · 5b699fe
1 parent 3a66b55
commit 5b699fe
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 32 deletions.
diff --git a/.github/workflows/ansible-configure-if-vm.yml b/.github/workflows/ansible-configure-if-vm.yml
@@ -13,11 +13,10 @@ jobs:
  runs-on: ubuntu-latest
 
  env:
- JUMPHOST_IP: ${{ secrets.JUMPHOST_IP }}
- RUNNER_HOST_IP: ${{ secrets.RUNNER_HOST_IP }}
- SSH_KEY: ${{ secrets.SSH_KEY }}
+ # Tell GitHub which VM host to use (air-gapped or development) -> TODO: remove when devel env is no longer needed
+ VM_ENV: "air-gapped"
 
- REGISTRY: ${{ secrets.REGISTRY_PRIVATE_ENDPOINT }}
+ REGISTRY: ${{ secrets.REGISTRY }} 
  ACR_USERNAME: ${{ secrets.ACR_USERNAME }}
  ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }}
 
@@ -32,42 +31,68 @@ jobs:
  - name: Checkout Repository
  uses: actions/checkout@v4
 
- - name: Template Ansible private key file
+
+ # Development environment - VM host with internet access -> TODO: remove when devel env is no longer needed
+ - name: Template Ansible private key file for development environment
  uses: cuchi/[email protected]
+ env:
+ SSH_KEY: ${{ secrets.AZURE_VM_SSH_KEY }}
+ if: env.VM_ENV == "development"
  with:
  template: ansible/templates/ansible_ssh_key.j2
  output_file: ansible/ansible_ssh_key
 
- - name: Template Ansible vars file
- uses: cuchi/[email protected]
- with:
- template: ansible/templates/group_vars_all.yml.j2
- output_file: ansible/group_vars/all.yml
-
- - name: Template Ansible inventory
+ # Development environment - VM host with internet access -> TODO: remove when devel env is no longer needed
+ - name: Template Ansible inventory for development environment
  uses: cuchi/[email protected]
+ env:
+ RUNNER_HOST_IP: ${{ secrets.AZURE_IF_RUNNER_IP }}
+ if: env.VM_ENV == "development"
  with:
  template: ansible/templates/inventory.ini.j2
  output_file: ansible/inventory.ini
 
- - name: Template Ansible private key file
+
+ # Air-gapped environment - VM host without internet access
+ - name: Template Ansible private key file for air-gapped environment
  uses: cuchi/[email protected]
+ env:
+ SSH_KEY: ${{ secrets.SSH_KEY }}
+ if: env.VM_ENV == "air-gapped" # -> TODO: remove condition when devel env is no longer needed
  with:
  template: ansible/templates/ansible_ssh_key.j2
  output_file: ansible/ansible_ssh_key
 
- - name: Install Ansible
- run: |
- pip3 install ansible
- ansible-playbook --version
-
- - name: Configure VM with ansible
- run: |
- cd ansible
- cat inventory.ini
- eval "$(ssh-agent -s)"
- chmod 600 ansible_ssh_key
- ssh-add ansible_ssh_key
- ssh_command="ssh -o StrictHostKeyChecking=no azureadmin@${JUMPHOST_IP} 'ssh -o StrictHostKeyChecking=no azureadmin@${RUNNER_HOST_IP} whoami'"
- eval $ssh_command
- ansible-playbook configure-image-factory-vm.yml
+ # Air-gapped environment - VM host without internet access
+ - name: Template Ansible inventory for air-gapped environment
+ uses: cuchi/[email protected]
+ env:
+ JUMPHOST_IP: ${{ secrets.JUMPHOST_IP }}
+ RUNNER_HOST_IP: ${{ secrets.RUNNER_HOST_IP }}
+ if: env.VM_ENV == "air-gapped" # -> TODO: remove condition when devel env is no longer needed
+ with:
+ template: ansible/templates/inventory.ini.j2
+ output_file: ansible/inventory.ini
+
+
+ # - name: Template Ansible vars file
+ # uses: cuchi/[email protected]
+ # with:
+ # template: ansible/templates/group_vars_all.yml.j2
+ # output_file: ansible/group_vars/all.yml
+
+ # - name: Install Ansible
+ # run: |
+ # pip3 install ansible
+ # ansible-playbook --version
+
+ # # - name: Configure VM with ansible
+ # # run: |
+ # # cd ansible
+ # # cat inventory.ini
+ # # eval "$(ssh-agent -s)"
+ # # chmod 600 ansible_ssh_key
+ # # ssh-add ansible_ssh_key
+ # # ssh_command="ssh -o StrictHostKeyChecking=no azureadmin@${JUMPHOST_IP} 'ssh -o StrictHostKeyChecking=no azureadmin@${RUNNER_HOST_IP} whoami'"
+ # # eval $ssh_command
+ # # ansible-playbook configure-image-factory-vm.yml
diff --git a/ansible/templates/inventory-public.ini.j2 b/ansible/templates/inventory-public.ini.j2
@@ -0,0 +1 @@
+image-factory-vm ansible_host={{ env['RUNNER_HOST_IP'] }} ansible_user=azureuser
diff --git a/ansible/templates/inventory.ini.j2 b/ansible/templates/inventory.ini.j2
@@ -1,5 +1 @@
-#jumphost ansible_host={{ env['JUMPHOST_IP'] }} ansible_user=azureadmin ansible_ssh_common_args='-o StrictHostKeyChecking=no'
-#image-factory-vm ansible_host={{ env['RUNNER_HOST_IP'] }} ansible_user=azureadmin ansible_ssh_common_args='-o ProxyJump=azureadmin@{{ env['JUMPHOST_IP'] }} -o StrictHostKeyChecking=no'
-
-
 image-factory-vm ansible_host={{ env['RUNNER_HOST_IP'] }} ansible_ssh_common_args='-o ProxyJump=azureadmin@{{ env['JUMPHOST_IP'] }}'