From 2a70763f1863271066d5edff93a5cbc68f87e56b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <Joerg.Sachse@slub-dresden.de>
Date: Fri, 10 Jun 2022 15:59:09 +0200
Subject: [PATCH] chore: change GitLab-CI pipeline to VM based
---
.gitlab-ci.yml | 47 +++--------------------
handlers/main.yml | 2 -
molecule/default/molecule.yml | 15 ++------
molecule/resources/playbooks/Dockerfile | 15 --------
molecule/resources/playbooks/INSTALL.rst | 23 +++++++++++
molecule/resources/playbooks/converge.yml | 13 ++++---
molecule/resources/playbooks/verify.yml | 2 +-
tasks/main.yml | 3 +-
8 files changed, 42 insertions(+), 78 deletions(-)
delete mode 100644 molecule/resources/playbooks/Dockerfile
create mode 100644 molecule/resources/playbooks/INSTALL.rst
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 26f0ec1..b4e7858 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,69 +1,32 @@
----
# A pipeline is composed of independent jobs that run scripts, grouped into stages.
# Stages run in sequential order, but jobs within stages run in parallel.
#
# For more information, see: https://docs.gitlab.com/ee/ci/yaml/index.html#stages
stages: # List of stages for jobs, and their order of execution
- - build
- test
- - cleanup
-
-variables:
- IMAGE_TARGET: "$CI_REGISTRY_IMAGE/bullseye_ansible"
-# CI_DEBUG_TRACE: "true"
default:
- image:
- name: "${IMAGE_TARGET}:latest"
before_script:
- source /opt/molecule/bin/activate
- ansible --version
- molecule --version
- - docker --version
-
-build-env-job: # This job runs in the build stage, which runs first.
- stage: build
- timeout: 30m
- tags:
- - "docker"
- image:
- name: gcr.io/kaniko-project/executor:debug
- entrypoint: [""]
- before_script: []
- script:
- - mkdir -p /kaniko/.docker
- - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"},\"$(printf "%s" "$CI_DEPENDENCY_PROXY_SERVER" | cut -d':' -f1)\":{\"auth\":\"$(printf "%s:%s" "$CI_DEPENDENCY_PROXY_USER" "$CI_DEPENDENCY_PROXY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
- - >-
- /kaniko/executor
- --context "${CI_PROJECT_DIR}"
- --dockerfile "${CI_PROJECT_DIR}/molecule/resources/playbooks/Dockerfile"
- --destination "${IMAGE_TARGET}:latest"
-test-job: # This job runs in the test stage.
- stage: test # It only starts when the job in the build stage completes successfully.
+test-job:
+ stage: test
tags:
- "shell"
script:
# make sure that Ansible Vaults are present and can be decrypted
- # - sudo chown -R lza /builds/sachse/
- echo "${VAULT_LZA_PROXY}" > ../lza_proxy.pass
- export ANSIBLE_VAULT_PASSWORD_FILE=../lza_proxy.pass
- rm -rf ../ansible_vaults/
- - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/
- # - sudo chmod o-w "${CI_PROJECT_DIR}"
+ - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/; \
# run Molecule tests
- molecule syntax --scenario-name default
- molecule lint --scenario-name default
+ - molecule create --scenario-name default
- molecule converge --scenario-name default
- molecule idempotence --scenario-name default
- # - molecule verify --scenario-name default
+ #- molecule verify --scenario-name default
- molecule destroy --scenario-name default
-
-cleanup-job:
- stage: cleanup
- tags:
- - "shell"
- script:
- - rm -rf "%CACHE_PATH%/%CI_PIPELINE_ID%"
- when: always
diff --git a/handlers/main.yml b/handlers/main.yml
index c1ee46a..db701ee 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -22,5 +22,3 @@
ansible.builtin.systemd:
name: "squid.service"
state: restarted
- # Don't run systemd restart handler, because SystemD isn't available in the Docker container during Molecule tests.
- tags: [molecule-notest]
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 82d95e2..5424d3e 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -1,15 +1,12 @@
---
-prerun: false
dependency:
name: galaxy
- enabled: false
driver:
- name: docker
+ name: vagrant
platforms:
- - name: instance
- dockerfile: ../resources/playbooks/Dockerfile
- image: registry.git.slub-dresden.de/sachse/mytestrole/bullseye_ansible:latest
- pre_build_image: false
+ - name: vm-runner
+ box: debian/bullseye64
+ memory: 1024
provisioner:
name: ansible
playbooks:
@@ -20,7 +17,3 @@ provisioner:
verify: ../resources/playbooks/verify.yml
verifier:
name: ansible
-lint: |
- set -e
- yamllint .
- ansible-lint -x no-loop-var-prefix,command-instead-of-module
diff --git a/molecule/resources/playbooks/Dockerfile b/molecule/resources/playbooks/Dockerfile
deleted file mode 100644
index 535145c..0000000
--- a/molecule/resources/playbooks/Dockerfile
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM debian:stable-slim
-
-RUN adduser lza;
-
-### configure SLUB Debian Repository
-RUN apt-get update; \
- apt-get install -y --no-install-recommends gnupg wget git python3 ansible sudo; \
- wget -O - http://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key | apt-key add - ; \
- echo "deb http://sdvdebianrepo.slub-dresden.de/deb-repository bullseye main" > /etc/apt/sources.list.d/slub.list; \
- apt-get update;
- #apt-get -y --no-install-recommends install python3-pip python3-virtualenv;
-
-RUN echo "lza ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lza-user
-
-USER lza
diff --git a/molecule/resources/playbooks/INSTALL.rst b/molecule/resources/playbooks/INSTALL.rst
new file mode 100644
index 0000000..0c4bf5c
--- /dev/null
+++ b/molecule/resources/playbooks/INSTALL.rst
@@ -0,0 +1,23 @@
+*********************************
+Vagrant driver installation guide
+*********************************
+
+Requirements
+============
+
+* Vagrant
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+ $ pip install 'molecule_vagrant'
diff --git a/molecule/resources/playbooks/converge.yml b/molecule/resources/playbooks/converge.yml
index 540cfb6..6817a16 100644
--- a/molecule/resources/playbooks/converge.yml
+++ b/molecule/resources/playbooks/converge.yml
@@ -1,8 +1,11 @@
---
- name: Converge
hosts: all
- tasks:
- - name: "Include role"
- ansible.builtin.include_role:
- name: "ansible_lza_proxy"
- become: true
+ pre_tasks:
+ - name: update apt cache
+ ansible.builtin.apt:
+ update_cache: true
+ upgrade: dist
+ become: true
+ roles:
+ - {name: "ansible_lza_proxy", become: true}
diff --git a/molecule/resources/playbooks/verify.yml b/molecule/resources/playbooks/verify.yml
index e707420..79044cd 100644
--- a/molecule/resources/playbooks/verify.yml
+++ b/molecule/resources/playbooks/verify.yml
@@ -6,5 +6,5 @@
gather_facts: false
tasks:
- name: Example assertion
- ansible.builtin.assert:
+ assert:
that: true
diff --git a/tasks/main.yml b/tasks/main.yml
index 279f329..f3d7ed6 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -19,5 +19,4 @@
- name: configure iptables firewall
ansible.builtin.import_tasks: "configure-iptables.yml"
- # don't run iptables tasks, because iptables can't be used in an unprivileged Docker container
- tags: [iptables, molecule-notest]
+ tags: [iptables]
--
GitLab