From 2a70763f1863271066d5edff93a5cbc68f87e56b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <Joerg.Sachse@slub-dresden.de>
Date: Fri, 10 Jun 2022 15:59:09 +0200
Subject: [PATCH] chore: change GitLab-CI pipeline to VM based
---
.gitlab-ci.yml | 47 +++--------------------
handlers/main.yml | 2 -
molecule/default/molecule.yml | 15 ++------
molecule/resources/playbooks/Dockerfile | 15 --------
molecule/resources/playbooks/INSTALL.rst | 23 +++++++++++
molecule/resources/playbooks/converge.yml | 13 ++++---
molecule/resources/playbooks/verify.yml | 2 +-
tasks/main.yml | 3 +-
8 files changed, 42 insertions(+), 78 deletions(-)
delete mode 100644 molecule/resources/playbooks/Dockerfile
create mode 100644 molecule/resources/playbooks/INSTALL.rst
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 26f0ec1..b4e7858 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,69 +1,32 @@ ---- # A pipeline is composed of independent jobs that run scripts, grouped into stages. # Stages run in sequential order, but jobs within stages run in parallel. # # For more information, see: https://docs.gitlab.com/ee/ci/yaml/index.html#stages stages: # List of stages for jobs, and their order of execution - - build - test - - cleanup - -variables: - IMAGE_TARGET: "$CI_REGISTRY_IMAGE/bullseye_ansible" -# CI_DEBUG_TRACE: "true" default: - image: - name: "${IMAGE_TARGET}:latest" before_script: - source /opt/molecule/bin/activate - ansible --version - molecule --version - - docker --version - -build-env-job: # This job runs in the build stage, which runs first. - stage: build - timeout: 30m - tags: - - "docker" - image: - name: gcr.io/kaniko-project/executor:debug - entrypoint: [""] - before_script: [] - script: - - mkdir -p /kaniko/.docker - - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"},\"$(printf "%s" "$CI_DEPENDENCY_PROXY_SERVER" | cut -d':' -f1)\":{\"auth\":\"$(printf "%s:%s" "$CI_DEPENDENCY_PROXY_USER" "$CI_DEPENDENCY_PROXY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json - - >- - /kaniko/executor - --context "${CI_PROJECT_DIR}" - --dockerfile "${CI_PROJECT_DIR}/molecule/resources/playbooks/Dockerfile" - --destination "${IMAGE_TARGET}:latest" -test-job: # This job runs in the test stage. - stage: test # It only starts when the job in the build stage completes successfully. 
+test-job: + stage: test tags: - "shell" script: # make sure that Ansible Vaults are present and can be decrypted - # - sudo chown -R lza /builds/sachse/ - echo "${VAULT_LZA_PROXY}" > ../lza_proxy.pass - export ANSIBLE_VAULT_PASSWORD_FILE=../lza_proxy.pass - rm -rf ../ansible_vaults/ - - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/ - # - sudo chmod o-w "${CI_PROJECT_DIR}" + - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/; \ # run Molecule tests - molecule syntax --scenario-name default - molecule lint --scenario-name default + - molecule create --scenario-name default - molecule converge --scenario-name default - molecule idempotence --scenario-name default - # - molecule verify --scenario-name default + #- molecule verify --scenario-name default - molecule destroy --scenario-name default - -cleanup-job: - stage: cleanup - tags: - - "shell" - script: - - rm -rf "%CACHE_PATH%/%CI_PIPELINE_ID%" - when: always diff --git a/handlers/main.yml b/handlers/main.yml index c1ee46a..db701ee 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -22,5 +22,3 @@ ansible.builtin.systemd: name: "squid.service" state: restarted - # Don't run systemd restart handler, because SystemD isn't available in the Docker container during Molecule tests. - tags: [molecule-notest] diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 82d95e2..5424d3e 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
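Review bot: In `.gitlab-ci.yml`, `test-job` leaves secrets behind on the `shell` runner: `../lza_proxy.pass` holds the vault password, and the clone in `../ansible_vaults/` keeps the deploy-token URL in its `.git/config`; nothing removes either after the job, and this hunk deletes the `cleanup` stage. `molecule destroy` is also the last `script` entry, so a failing `converge` or `idempotence` step presumably leaves the Vagrant VM running. An `after_script` with `- rm -rf ../lza_proxy.pass ../ansible_vaults/` plus a `molecule destroy --scenario-name default` (after re-sourcing `/opt/molecule/bin/activate`, since `after_script` runs in its own shell) would cover both. The `; \` appended to the `git clone` line looks like a leftover line continuation and should be dropped.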
@@ -1,15 +1,12 @@ --- -prerun: false dependency: name: galaxy - enabled: false driver: - name: docker + name: vagrant platforms: - - name: instance - dockerfile: ../resources/playbooks/Dockerfile - image: registry.git.slub-dresden.de/sachse/mytestrole/bullseye_ansible:latest - pre_build_image: false + - name: vm-runner + box: debian/bullseye64 + memory: 1024 provisioner: name: ansible playbooks: @@ -20,7 +17,3 @@ provisioner: verify: ../resources/playbooks/verify.yml verifier: name: ansible -lint: | - set -e - yamllint . - ansible-lint -x no-loop-var-prefix,command-instead-of-module diff --git a/molecule/resources/playbooks/Dockerfile b/molecule/resources/playbooks/Dockerfile deleted file mode 100644 index 535145c..0000000 --- a/molecule/resources/playbooks/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -FROM debian:stable-slim - -RUN adduser lza; - -### configure SLUB Debian Repository -RUN apt-get update; \ - apt-get install -y --no-install-recommends gnupg wget git python3 ansible sudo; \ - wget -O - http://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key | apt-key add - ; \ - echo "deb http://sdvdebianrepo.slub-dresden.de/deb-repository bullseye main" > /etc/apt/sources.list.d/slub.list; \ - apt-get update; - #apt-get -y --no-install-recommends install python3-pip python3-virtualenv; - -RUN echo "lza ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lza-user - -USER lza diff --git a/molecule/resources/playbooks/INSTALL.rst b/molecule/resources/playbooks/INSTALL.rst new file mode 100644 index 0000000..0c4bf5c --- /dev/null +++ b/molecule/resources/playbooks/INSTALL.rst 
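Review bot: In `molecule/default/molecule.yml`, `box: debian/bullseye64` is fetched without a version pin, so the base image of each CI run is whatever the box registry serves at that moment; adding `box_version: "<PINNED_VERSION>"` to the platform entry makes runs reproducible and turns a base-image change into a reviewed step. The second hunk of the same file removes the `lint:` block while `.gitlab-ci.yml` still calls `molecule lint --scenario-name default`, so that step presumably no longer runs `yamllint` or `ansible-lint`. If that is intended the call can go; otherwise the two commands should move into the CI `script`. Dropping `enabled: false` under `dependency` also re-enables the `galaxy` dependency step, which deserves a one-line comment if it is deliberate.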
@@ -0,0 +1,23 @@ +********************************* +Vagrant driver installation guide +********************************* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule_vagrant' diff --git a/molecule/resources/playbooks/converge.yml b/molecule/resources/playbooks/converge.yml index 540cfb6..6817a16 100644 --- a/molecule/resources/playbooks/converge.yml +++ b/molecule/resources/playbooks/converge.yml @@ -1,8 +1,11 @@ --- - name: Converge hosts: all - tasks: - - name: "Include role" - ansible.builtin.include_role: - name: "ansible_lza_proxy" - become: true + pre_tasks: + - name: update apt cache + ansible.builtin.apt: + update_cache: true + upgrade: dist + become: true + roles: + - {name: "ansible_lza_proxy", become: true} diff --git a/molecule/resources/playbooks/verify.yml b/molecule/resources/playbooks/verify.yml index e707420..79044cd 100644 --- a/molecule/resources/playbooks/verify.yml +++ b/molecule/resources/playbooks/verify.yml @@ -6,5 +6,5 @@ gather_facts: false tasks: - name: Example assertion - ansible.builtin.assert: + assert: that: true diff --git a/tasks/main.yml b/tasks/main.yml index 279f329..f3d7ed6 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -19,5 +19,4 @@ - name: configure iptables firewall ansible.builtin.import_tasks: "configure-iptables.yml" - # don't run iptables tasks, because iptables can't be used in an unprivileged Docker container - tags: [iptables, molecule-notest] + tags: [iptables] -- GitLab
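Review bot: In `converge.yml`, the pre-task named `update apt cache` also sets `upgrade: dist`, so every converge performs a full distribution upgrade of the test VM that the task name does not announce. Renaming it, for example `- name: "Update apt cache and dist-upgrade the test VM"`, and adding a one-line comment on why the upgrade is needed would keep the run log accurate. With the upgrade in place, the package versions the role is tested against depend on the day the pipeline runs.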
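Review bot: In `verify.yml`, replacing `ansible.builtin.assert:` with the short name `assert:` departs from the fully qualified module names used everywhere else in this commit (`ansible.builtin.apt`, `ansible.builtin.systemd`, `ansible.builtin.import_tasks`). Short names are resolved through the collection search order, so the FQCN is the unambiguous form; keeping `ansible.builtin.assert:` is preferable. The play header for this task lies outside the hunk.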