Commit b805e074 authored by Pierre Smeyers

Merge branch 'feat/cacheable-config-dir' into 'master'

feat: use cacheable directory for external roles and collections

See merge request to-be-continuous/ansible!67
parents 8ab33fb9 add47c1f
+9 −4
@@ -156,7 +156,7 @@ Deployment jobs also support _optional_ **hook scripts** from your project, loca

### Manage remote repositories authentication

Specifying an [Ansible requirements file](https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#install-multiple-collections-with-a-requirements-file) (with `$ANSIBLE_REQUIREMENTS_FILE`), you may use Ansible roles from remote places (Ansible repository, Git repository, ...).
Specifying an [Ansible requirements file](https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#install-multiple-collections-with-a-requirements-file) (with `$ANSIBLE_REQUIREMENTS_FILE`), you may use Ansible roles and collections from remote places (Ansible repository, Git repository, ...).
Accessing those repositories may require an authentication.

In such a case, you may configure the remote authentication(s) by providing a _variabilized_ `.netrc` file at the root of your Ansible project.
@@ -272,13 +272,18 @@ This template can be configured with the following **environment variables**:
| `default-inventory` / `ANSIBLE_DEFAULT_INVENTORY` | The default inventory, if used                                                       | **has to be defined if used**                  |
| `default-tags` / `ANSIBLE_DEFAULT_TAGS` | The default tags, if used                                                            | **has to be defined if used**                  |
| `default-extra-args` / `ANSIBLE_DEFAULT_EXTRA_ARGS` | Optional default args to add to the ansible-playbook command line                    | **has to be defined if used**                  |
| `default-roles-path` / `ANSIBLE_DEFAULT_ROLES_PATH` | The default path where the roles should be installed                                 | `$CI_PROJECT_DIR/roles`                        |
| `force-color` / `ANSIBLE_FORCE_COLOR` | Forces color on Ansible output                                                       | `true`                                         |
| `requirements-file` / `ANSIBLE_REQUIREMENTS_FILE` | The file used to install roles with `ansible-galaxy role install`                    | `requirements.yml`                             |
| `galaxy-extra-args` / `ANSIBLE_GALAXY_EXTRA_ARGS` | `ansible-galaxy role install` command [extra options](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html#role-install) | _none_ |
| `requirements-file` / `ANSIBLE_REQUIREMENTS_FILE` | The file used to install roles and collections with `ansible-galaxy install`                    | `requirements.yml`                             |
| `galaxy-extra-args` / `ANSIBLE_GALAXY_EXTRA_ARGS` | `ansible-galaxy install` command [extra options](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html#role-install) | _none_ |
| `scripts-dir` / `ANSIBLE_SCRIPTS_DIR` | The Ansible scripts base directory (relative to `$ANSIBLE_PROJECT_DIR`)              | `.`                                            |
| `host-key-checking` / `ANSIBLE_HOST_KEY_CHECKING` | Enable or disable the SSH host key checking                                          | `false` (disabled)                             |

#### Use of `ANSIBLE_HOME`

Internally, the Ansible template sets [`ANSIBLE_HOME`](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-home) to `$CI_PROJECT_DIR/$ANSIBLE_PROJECT_DIR/.ansible` and caches it (to optimize executions, more specifically when installing external collections and roles).

:warning: Don't use this directoy to store secrets in your playbook or they would be disclosed as public cache resources.

### Review environments configuration

Review environments are dynamic and ephemeral environments to deploy your _ongoing developments_ (a.k.a. _feature_ or _topic_ branches).
+2 −8
@@ -65,13 +65,13 @@
    },
    {
      "name": "ANSIBLE_REQUIREMENTS_FILE",
      "description": "The file used to install roles with `ansible-galaxy role install`",
      "description": "The file used to install roles and collections with `ansible-galaxy install`",
      "default": "requirements.yml",
      "advanced": true
    },
    {
      "name": "ANSIBLE_GALAXY_EXTRA_ARGS",
      "description": "`ansible-galaxy role install` command [extra options](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html#role-install)",
      "description": "`ansible-galaxy install` command [extra options](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html#role-install)",
      "advanced": true
    },
    {
@@ -86,12 +86,6 @@
      "type": "boolean",
      "default": "false",
      "advanced": true
    },
    {
      "name": "ANSIBLE_DEFAULT_ROLES_PATH",
      "description": "The default path where the roles should be installed",
      "default": "$CI_PROJECT_DIR/roles",
      "advanced": true
    }
  ],
  "features": [
+11 −9
@@ -48,10 +48,10 @@ spec:
      type: boolean
      default: true
    requirements-file:
      description: The file used to install roles with `ansible-galaxy role install`
      description: The file used to install roles and collections with `ansible-galaxy install`
      default: requirements.yml
    galaxy-extra-args:
      description: '`ansible-galaxy role install` command [extra options](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html#role-install)'
      description: '`ansible-galaxy install` command [extra options](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html#role-install)'
      default: ''
    scripts-dir:
      description: The Ansible scripts base directory (relative to `$ANSIBLE_PROJECT_DIR`)
@@ -60,9 +60,6 @@ spec:
      description: Enable or disable the SSH host key checking
      type: boolean
      default: false
    default-roles-path:
      description: The default path where the roles should be installed
      default: $CI_PROJECT_DIR/roles
    lint-disabled:
      description: Disable Ansible Lint
      type: boolean
@@ -244,7 +241,6 @@ variables:
  ANSIBLE_REQUIREMENTS_FILE: $[[ inputs.requirements-file ]]
  ANSIBLE_SCRIPTS_DIR: $[[ inputs.scripts-dir ]]
  ANSIBLE_HOST_KEY_CHECKING: $[[ inputs.host-key-checking ]]
  ANSIBLE_DEFAULT_ROLES_PATH: $[[ inputs.default-roles-path ]]

  ANSIBLE_REVIEW_AUTOSTOP_DURATION: $[[ inputs.review-autostop-duration ]]
  ANSIBLE_INTEG_AUTOSTOP_DURATION: $[[ inputs.integ-autostop-duration ]]
@@ -577,8 +573,7 @@ stages:

    if [ -f "$ANSIBLE_REQUIREMENTS_FILE" ]; then
      log_info "--- \\e[32mrequirements\\e[0m file (\\e[33;1m${ANSIBLE_REQUIREMENTS_FILE}\\e[0m) found: running \\e[33;1mansible-galaxy install\\e[0m"
      export ANSIBLE_ROLES_PATH="$ANSIBLE_DEFAULT_ROLES_PATH:$ANSIBLE_ROLES_PATH"
      mkdir -p "$ANSIBLE_DEFAULT_ROLES_PATH"
      # roles and collections are downloaded relatively to ANSIBLE_HOME (cached dir)
      # shellcheck disable=SC2086
      ansible-galaxy install -r "$ANSIBLE_REQUIREMENTS_FILE" $ANSIBLE_GALAXY_EXTRA_ARGS
    fi
@@ -689,6 +684,13 @@ stages:
  services:
    - name: "$TBC_TRACKING_IMAGE"
      command: ["--service", "ansible", "6.4.0"]
  variables:
    ANSIBLE_HOME: $CI_PROJECT_DIR/$ANSIBLE_PROJECT_DIR/.ansible
  cache:
    key: "$CI_COMMIT_REF_SLUG-ansible"
    when: always
    paths:
      - $ANSIBLE_PROJECT_DIR/.ansible
  before_script:
    - !reference [.ansible-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
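Review bot: The `cache:` added in the last hunk stores the whole `ANSIBLE_HOME` directory (`$ANSIBLE_PROJECT_DIR/.ansible`) with `when: always`, which is wider than the roles and collections the install step needs. With ansible-core defaults the local temp directory and the Galaxy token file also resolve under `ANSIBLE_HOME`, so they would be uploaded to the cache as well, including from failed jobs; I would narrow `paths` to `- $ANSIBLE_PROJECT_DIR/.ansible/roles` and `- $ANSIBLE_PROJECT_DIR/.ansible/collections`. Separately, `ansible-galaxy install` without `--force` presumably keeps whatever an earlier pipeline on the same `$CI_COMMIT_REF_SLUG` left in the cache, so deployment jobs run role content that is not re-fetched or re-checked; a comment above `key:` such as `# shared by every job on this ref: cached roles/collections are reused as-is, pin versions in the requirements file` would make that trust boundary explicit. The job definition starts and ends outside the hunk.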