ansible-configure-if-vm.yml
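# Renders Ansible key, inventory and vars files from Jinja2 templates, then
# runs the Image Factory VM playbook over SSH from a GitHub-hosted runner.
name: Configure Image Factory VM

on:
  # NOTE(review): no `branches:` filter is set, so a push to any branch that
  # touches these paths runs the job with the secrets below against the VM.
  # Confirm that is intended, or restrict the trigger to protected branches.
  push:
    paths:
      - ".github/workflows/ansible-configure-if-vm.yml"
      - "ansible/**"
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: checkout is the only visible consumer.
permissions:
  contents: read

jobs:
  configure-vm:
    runs-on: ubuntu-latest
    # NOTE(review): job-level env is visible to every step, including the
    # third-party templating action. The templates presumably read these
    # values from the environment (the devel steps override SSH_KEY and
    # RUNNER_HOST_IP per step), so the exposure looks deliberate; keep the
    # list to what the templates and the playbook actually need.
    env:
      # Tell GitHub which VM host to use (air-gapped or development) -> TODO: remove when devel env is no longer needed
      VM_ENV: ${{ vars.VM_ENV }}
      SSH_KEY: ${{ secrets.SSH_KEY }}
      JUMPHOST_IP: ${{ secrets.JUMPHOST_IP }}
      RUNNER_HOST_IP: ${{ secrets.RUNNER_HOST_IP }}
      REGISTRY: ${{ secrets.REGISTRY }}
      ACR_USERNAME: ${{ secrets.ACR_USERNAME }}
      ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }}
      GH_PAT_TOKEN: ${{ secrets.GH_PAT_TOKEN }}
      GH_OWNER: ${{ vars.GH_OWNER }}
      GH_REPO: ${{ vars.GH_REPO }}
      ACR_RUNNER_IMAGE_NAME: ${{ vars.ACR_RUNNER_IMAGE_NAME }}
      # Quoted so the value can never be re-typed as a number by a parser.
      ANSIBLE_VERSION: '2.17.4'
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the job token
          # in .git/config next to the rendered key and vars files.
          persist-credentials: false

      # NOTE(review): the `uses:` value on every templating step below was
      # mangled by the hosting page's e-mail obfuscation ("[email protected]"
      # stands in for "<action-name>@<ref>"); restore it from the repository.
      # This action receives every secret in the job env, so pin it to a full
      # commit SHA rather than a movable tag.

      # Development environment - VM host with internet access -> TODO: remove when devel env is no longer needed
      - name: Template Ansible SSH key file for development environment
        if: env.VM_ENV == 'development'
        uses: cuchi/[email protected]
        env:
          SSH_KEY: ${{ secrets.SSH_KEY_DEVEL }}
        with:
          template: ansible/templates/ansible_ssh_key.j2
          output_file: ansible/ansible_ssh_key

      - name: Template Ansible inventory for development environment
        if: env.VM_ENV == 'development'
        uses: cuchi/[email protected]
        env:
          RUNNER_HOST_IP: ${{ secrets.RUNNER_HOST_IP_DEVEL }}
        with:
          template: ansible/templates/inventory-devel.ini.j2
          output_file: ansible/inventory.ini

      # Air-gapped environment - VM host without internet access
      - name: Template Ansible SSH key file for air-gapped environment
        if: env.VM_ENV == 'air-gapped'  # -> TODO: remove condition when devel env is no longer needed
        uses: cuchi/[email protected]
        with:
          template: ansible/templates/ansible_ssh_key.j2
          output_file: ansible/ansible_ssh_key

      - name: Template Ansible inventory for air-gapped environment
        if: env.VM_ENV == 'air-gapped'  # -> TODO: remove condition when devel env is no longer needed
        uses: cuchi/[email protected]
        with:
          template: ansible/templates/inventory.ini.j2
          output_file: ansible/inventory.ini

      - name: Template Ansible vars file
        uses: cuchi/[email protected]
        with:
          template: ansible/templates/group_vars_all.yml.j2
          output_file: ansible/group_vars/all.yml

      - name: Install and configure Ansible
        # NOTE(review): the install is unpinned and ANSIBLE_VERSION is not
        # referenced in this step, so each run takes whatever PyPI serves.
        # 2.17.x looks like ansible-core numbering; confirm which package
        # the variable is meant to pin before wiring it in here.
        run: |
          pip3 install ansible
          ansible-playbook --version
          # The private key is rendered by an earlier step with default
          # permissions; ssh-add refuses keys that are group/world readable.
          chmod 600 ansible/ansible_ssh_key

      - name: Configure VM with Ansible
        # NOTE(review): StrictHostKeyChecking=no turns off host-key
        # verification on both hops, so neither the jump host nor the runner
        # host is authenticated before the session is used. Supply pinned
        # host keys (a known_hosts file rendered from a repository variable
        # or secret) and drop the option.
        run: |
          cd ansible
          eval "$(ssh-agent -s)"
          ssh-add ansible_ssh_key
          # Connectivity probe through the jump host, air-gapped only.
          # Called directly instead of via `eval` on a built string, so the
          # secret-derived addresses are never re-parsed as shell syntax.
          # -> TODO: remove the VM_ENV condition when devel env is no longer needed
          if [ "$VM_ENV" = "air-gapped" ]; then
            ssh -o StrictHostKeyChecking=no "azureadmin@${JUMPHOST_IP}" \
              "ssh -o StrictHostKeyChecking=no azureadmin@${RUNNER_HOST_IP} whoami"
          fi
          ansible-playbook configure-image-factory-vm.yml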