diff --git a/.ansible/deploy.yaml b/.ansible/bootstrap.yaml similarity index 76% rename from .ansible/deploy.yaml rename to .ansible/bootstrap.yaml index 00d416f..17d9962 100644 --- a/.ansible/deploy.yaml +++ b/.ansible/bootstrap.yaml @@ -1,14 +1,22 @@ -- hosts: localhost - strategy: free +- import_playbook: power_on.yaml + +- hosts: manager:worker + strategy: linear + gather_facts: no tasks: + + - name: wait for connections + wait_for_connection: + - include_role: name: ubuntu tasks_from: scan_hosts -- hosts: all +- hosts: manager:worker strategy: free tasks: + - include_role: name: ubuntu tasks_from: setup_user @@ -18,7 +26,7 @@ ansible_sudo_pass: "{{ ansible_ssh_pass }}" -- hosts: all +- hosts: manager:worker strategy: free roles: - ubuntu @@ -42,3 +50,4 @@ name: docker tasks_from: install_nvidia_toolkit +- import_playbook: power_off.yaml diff --git a/.ansible/clean.yaml b/.ansible/clean.yaml index c0a39bc..610bc5e 100644 --- a/.ansible/clean.yaml +++ b/.ansible/clean.yaml @@ -1,9 +1,17 @@ -- hosts: all +- import_playbook: power_on.yaml + +- hosts: manager:worker strategy: free + gather_facts: no tasks: + - name: wait for connections + wait_for_connection: + - include_role: name: docker tasks_from: system_prune vars: - options: --all + options: --volumes + +- import_playbook: power_off.yaml diff --git a/.ansible/files/requirements.txt b/.ansible/files/requirements.txt index 90ec607..953c74a 100644 --- a/.ansible/files/requirements.txt +++ b/.ansible/files/requirements.txt @@ -1 +1,2 @@ -dnspython==2.1.0 +dnspython +proxmoxer diff --git a/.ansible/group_vars/all/main.yaml b/.ansible/group_vars/all/main.yaml deleted file mode 100644 index b7f4a60..0000000 --- a/.ansible/group_vars/all/main.yaml +++ /dev/null @@ -1,7 +0,0 @@ -user: automation -home: "/home/{{ user }}" -app_data: "{{ home }}/.diesel" - -hostname: "{{ env }}" -domain: diesel.net -fqdn: "{{ hostname }}.{{ domain }}" 
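Review bot: In the first hunk of bootstrap.yaml the `scan_hosts` include now runs on every `manager:worker` host, and only after `wait_for_connection` has already connected to them, because the play moved off `hosts: localhost`. The role's tasks are not shown, so this is an assumption: if `scan_hosts` is what records SSH host keys on the control node, that first connection happens before any key is known, and the keys may then be written on the remotes instead. If so, keep the scan on the controller with `delegate_to: localhost` on the include, and add a comment saying how the host keys of freshly powered-on VMs are verified. `gather_facts: no` would also read better as `gather_facts: false`.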
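Review bot: The trailing `- import_playbook: power_off.yaml` in the last hunk of bootstrap.yaml only runs when the plays before it finish, so a failed run can leave the `offline` VMs powered on; clean.yaml and update.yaml have the same shape. As far as I know, Ansible ends the run when every host in a play has failed, and a host that failed earlier is dropped from later plays, which would include the `offline` play. One option is to run power_off.yaml as its own pipeline step with `when: status: [success, failure]`, so shutdown does not depend on the outcome of the maintenance play. At minimum add a comment such as `# not reached if the plays above fail; VMs stay on`.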
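Review bot: Changing `options: --all` to `options: --volumes` in clean.yaml makes the prune delete volume data on every inventory this playbook runs against, and the play does so right after the `offline` VMs are powered on. The role's `system_prune` task is not shown, but if it passes the options to `docker system prune`, stopped containers are removed first, and volumes that were attached only to them can then be pruned as unused. On a host that has just booted, services may not be running yet, so their data may be at risk. Consider making the option an inventory variable so production can leave volume pruning off, and wait for services to be up before pruning. Dropping `--all` also means unused (not just dangling) images are no longer cleaned; say in a comment whether that is intended.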
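Review bot: Both entries in requirements.txt are now unpinned (`dnspython`, `proxmoxer`), so each pipeline run installs whatever version is current on the index at that moment. The same steps hold the SSH private key, the vault password and the Proxmox credentials, so a bad or compromised release would execute with all of them in reach. Keep the existing pin and pin the new package as well, e.g. `dnspython==2.1.0` and `proxmoxer==<version you tested>`. Hash-checked installs (`--hash=sha256:<digest>` per line) would tighten this further, if the plugin's pip invocation allows it.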
diff --git a/.ansible/group_vars/all/proxmox.yaml b/.ansible/group_vars/all/proxmox.yaml new file mode 100644 index 0000000..b3032c1 --- /dev/null +++ b/.ansible/group_vars/all/proxmox.yaml @@ -0,0 +1,5 @@ +proxmox_realm: pve +proxmox_user: '{{ lookup("env", "PROXMOX_USER") }}@{{ proxmox_realm }}' +proxmox_password: '{{ lookup("env", "PROXMOX_PASS") }}' +proxmox_api_host: pve.diesel.net +proxmox_node: pve diff --git a/.ansible/inventory/development/hosts b/.ansible/inventory/development/hosts index ad65290..52102a1 100644 --- a/.ansible/inventory/development/hosts +++ b/.ansible/inventory/development/hosts @@ -1,9 +1,20 @@ all: children: + manager: hosts: + dev.diesel.net: + + automation-station.diesel.net: + auto_reboots: no + + + offline: + hosts: + + automation-station.diesel.net: vars: ansible_user: automation diff --git a/.ansible/inventory/production/hosts b/.ansible/inventory/production/hosts index df35b79..110bceb 100644 --- a/.ansible/inventory/production/hosts +++ b/.ansible/inventory/production/hosts @@ -1,32 +1,35 @@ all: children: + manager: hosts: + prod.diesel.net: - automation-station.diesel.net: - drone: - hosts: drone.diesel.net: auto_reboots: no - tools: - hosts: tools.diesel.net: - games: - hosts: games.diesel.net: - es: - hosts: es.diesel.net: + gpu.diesel.net: + + nvidia: hosts: + gpu.diesel.net: + + offline: + hosts: + + games.diesel.net + vars: ansible_user: automation ansible_python_interpreter: /usr/bin/python3 diff --git a/.ansible/inventory/stable/hosts b/.ansible/inventory/stable/hosts index 33c11f5..3853eb2 100644 --- a/.ansible/inventory/stable/hosts +++ b/.ansible/inventory/stable/hosts @@ -1,8 +1,10 @@ all: children: + manager: hosts: + test.diesel.net: vars: diff --git a/.ansible/power_off.yaml b/.ansible/power_off.yaml new file mode 100644 index 0000000..b61c8f7 --- /dev/null +++ b/.ansible/power_off.yaml 
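Review bot: proxmox.yaml authenticates with a user password (`proxmox_password`) for a job that only starts and stops named VMs. An API token limited to power management on those VMs would be a smaller credential to leak. The `proxmox_kvm` module accepts `api_token_id` and `api_token_secret` in place of `api_password` in the versions I know, so confirm against the version installed here. Separately, `lookup("env", "PROXMOX_USER")` yields an empty string when the variable is unset, so a missing secret becomes user `@pve` and surfaces only as an authentication error. A short `assert` on both values before the first Proxmox task would make that failure explicit.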
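Review bot: In the production inventory the new `offline` group lists `games.diesel.net` without a trailing colon, unlike the development inventory, which has `automation-station.diesel.net:`. That makes `hosts` a plain string rather than a mapping. I would expect Ansible's YAML inventory plugin to reject that, or at best leave `offline` empty, so the production power_on/power_off plays would not manage the VM. The line should read `games.diesel.net:`.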
@@ -0,0 +1,14 @@ +- hosts: offline + gather_facts: no + strategy: free + tasks: + + - name: power off VMs + proxmox_kvm: + name: '{{ inventory_hostname_short }}' + api_user: '{{ proxmox_user }}' + api_password: '{{ proxmox_password }}' + api_host: '{{ proxmox_api_host }}' + node: '{{ proxmox_node }}' + state: stopped + delegate_to: localhost diff --git a/.ansible/power_on.yaml b/.ansible/power_on.yaml new file mode 100644 index 0000000..723fd1c --- /dev/null +++ b/.ansible/power_on.yaml @@ -0,0 +1,15 @@ +- hosts: offline + gather_facts: no + strategy: free + tasks: + + - name: power on VMs + proxmox_kvm: + name: '{{ inventory_hostname_short }}' + api_user: '{{ proxmox_user }}' + api_password: '{{ proxmox_password }}' + api_host: '{{ proxmox_api_host }}' + node: '{{ proxmox_node }}' + state: started + delegate_to: localhost + diff --git a/.ansible/roles/requirements.yaml b/.ansible/roles/requirements.yaml index afd6fe7..900583a 100644 --- a/.ansible/roles/requirements.yaml +++ b/.ansible/roles/requirements.yaml @@ -1,7 +1,7 @@ - name: ubuntu scm: git src: "git@github.com:Diesel-Net/ansible-role-ubuntu.git" - version: 2.5.0 + version: 2.5.1 - name: common scm: git @@ -11,4 +11,4 @@ - name: docker scm: git src: "git@github.com:Diesel-Net/ansible-role-docker.git" - version: 1.10.0 + version: 1.11.0 diff --git a/.ansible/update.yaml b/.ansible/update.yaml index 82ffbca..1acd2b8 100644 --- a/.ansible/update.yaml +++ b/.ansible/update.yaml @@ -1,7 +1,15 @@ -- hosts: all +- import_playbook: power_on.yaml + +- hosts: manager:worker strategy: free + gather_facts: no tasks: + - name: wait for connections + wait_for_connection: + - import_role: name: ubuntu tasks_from: update + +- import_playbook: power_off.yaml diff --git a/.drone.yaml b/.drone.yaml index f5febd0..7e2bd35 100644 --- a/.drone.yaml +++ b/.drone.yaml 
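Review bot: The `proxmox_kvm` task in power_off.yaml sends `api_user` and `api_password` to `proxmox_api_host` without setting `validate_certs`; the task in power_on.yaml is the same. To my knowledge that option defaults to not verifying the TLS certificate, in which case the login would be exposed to anyone able to intercept the connection to `pve.diesel.net`. Add `validate_certs: true` to both tasks and make sure the runner trusts the CA that issued the Proxmox certificate. `gather_facts: no` would also be clearer as `gather_facts: false`.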
@@ -3,12 +3,12 @@ kind: pipeline type: docker name: swarm bootstrap -clone: - depth: 1 +concurrency: + limit: 1 steps: - - name: deploy + - name: bootstrap image: plugins/ansible:3 environment: ANSIBLE_CONFIG: .ansible/ansible.cfg @@ -16,10 +16,14 @@ steps: from_secret: cloud_init_user CLOUD_INIT_PASS: from_secret: cloud_init_pass + PROXMOX_USER: + from_secret: proxmox_user + PROXMOX_PASS: + from_secret: proxmox_pass settings: requirements: .ansible/files/requirements.txt galaxy: .ansible/roles/requirements.yaml - playbook: .ansible/deploy.yaml + playbook: .ansible/bootstrap.yaml private_key: from_secret: automation_id_rsa vault_password: 
@@ -40,17 +44,78 @@ trigger: --- +kind: pipeline +type: docker +name: automated tests (run remaining playbooks) + +concurrency: + limit: 1 + +steps: + + - name: update dev + image: plugins/ansible:3 + environment: + ANSIBLE_CONFIG: .ansible/ansible.cfg + PROXMOX_USER: + from_secret: proxmox_user + PROXMOX_PASS: + from_secret: proxmox_pass + settings: + requirements: .ansible/files/requirements.txt + galaxy: .ansible/roles/requirements.yaml + playbook: .ansible/update.yaml + inventory: .ansible/inventory/development + private_key: + from_secret: automation_id_rsa + vault_password: + from_secret: ansible_vault_password + + - name: clean dev + image: plugins/ansible:3 + environment: + ANSIBLE_CONFIG: .ansible/ansible.cfg + PROXMOX_USER: + from_secret: proxmox_user + PROXMOX_PASS: + from_secret: proxmox_pass + settings: + requirements: .ansible/files/requirements.txt + galaxy: .ansible/roles/requirements.yaml + playbook: .ansible/clean.yaml + inventory: .ansible/inventory/development + private_key: + from_secret: automation_id_rsa + vault_password: + from_secret: ansible_vault_password + +trigger: + branch: + - development + +depends_on: + - 'swarm bootstrap' + +--- + kind: pipeline type: docker name: daily maintenance +concurrency: + limit: 1 steps: - name: update dev image: plugins/ansible:3 environment: ANSIBLE_CONFIG: .ansible/ansible.cfg + PROXMOX_USER: + from_secret: proxmox_user + PROXMOX_PASS: + from_secret: proxmox_pass settings: + requirements: .ansible/files/requirements.txt galaxy: .ansible/roles/requirements.yaml playbook: .ansible/update.yaml inventory: .ansible/inventory/development @@ -63,7 +128,12 @@ steps: image: plugins/ansible:3 environment: ANSIBLE_CONFIG: .ansible/ansible.cfg + PROXMOX_USER: + from_secret: proxmox_user + PROXMOX_PASS: + from_secret: proxmox_pass settings: + requirements: .ansible/files/requirements.txt galaxy: .ansible/roles/requirements.yaml playbook: .ansible/update.yaml inventory: .ansible/inventory/stable 
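Review bot: The new `automated tests (run remaining playbooks)` pipeline is triggered by `branch: - development` alone, with no `event` filter. As I understand Drone's matching, that also covers pull requests targeting `development`. The pipeline would then run update.yaml and clean.yaml from the proposed change against the development fleet with `automation_id_rsa`, the vault password and the Proxmox secrets, subject to how those secrets are scoped. If only merged code should reach the fleet, add `event:` with `- push` under `trigger:`. A comment on the pipeline stating which events are expected to run it would help the next reader.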
@@ -76,7 +146,12 @@ steps: image: plugins/ansible:3 environment: ANSIBLE_CONFIG: .ansible/ansible.cfg + PROXMOX_USER: + from_secret: proxmox_user + PROXMOX_PASS: + from_secret: proxmox_pass settings: + requirements: .ansible/files/requirements.txt galaxy: .ansible/roles/requirements.yaml playbook: .ansible/update.yaml inventory: .ansible/inventory/production @@ -97,13 +172,20 @@ kind: pipeline type: docker name: weekly maintenance +concurrency: + limit: 1 steps: - name: clean dev image: plugins/ansible:3 environment: ANSIBLE_CONFIG: .ansible/ansible.cfg + PROXMOX_USER: + from_secret: proxmox_user + PROXMOX_PASS: + from_secret: proxmox_pass settings: + requirements: .ansible/files/requirements.txt galaxy: .ansible/roles/requirements.yaml playbook: .ansible/clean.yaml inventory: .ansible/inventory/development @@ -116,7 +198,12 @@ steps: image: plugins/ansible:3 environment: ANSIBLE_CONFIG: .ansible/ansible.cfg + PROXMOX_USER: + from_secret: proxmox_user + PROXMOX_PASS: + from_secret: proxmox_pass settings: + requirements: .ansible/files/requirements.txt galaxy: .ansible/roles/requirements.yaml playbook: .ansible/clean.yaml inventory: .ansible/inventory/stable @@ -129,7 +216,12 @@ steps: image: plugins/ansible:3 environment: ANSIBLE_CONFIG: .ansible/ansible.cfg + PROXMOX_USER: + from_secret: proxmox_user + PROXMOX_PASS: + from_secret: proxmox_pass settings: + requirements: .ansible/files/requirements.txt galaxy: .ansible/roles/requirements.yaml playbook: .ansible/clean.yaml inventory: .ansible/inventory/production diff --git a/README.md b/README.md index 677e29e..f205f47 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ You will need to have the ansible-vault password file configured on your machine `Bootstrap` the **development** fleet. ```bash -ansible-playbook .ansible/deploy.yaml -i .ansible/inventory/development +ansible-playbook .ansible/bootstrap.yaml -i .ansible/inventory/development ``` `Clean` the **development** fleet.