From a2f66faab62e2e9f42b825fddeef043be5e51668 Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Thu, 14 Dec 2023 16:07:35 +0800 Subject: [PATCH 01/16] update --- .gitlab-ci.yml | 34 ++--- .gitlab-ci/{hk-aprd.yml => hk-tprd.yml} | 130 +++++++++--------- .gitlab-ci/mtest.yml | 50 ------- inventories/hk-aprd/group_vars/all.yml | 5 - inventories/hk-aprd/hk_aprd_azure_rm.yml | 28 ---- inventories/hk-astg/hk_astg_azure_rm.yml | 28 ---- .../{hk-astg => hk-tprd}/group_vars/all.yml | 0 .../tstg.cvm.yml => hk-tprd/hk-tprd.cvm.yml} | 10 +- inventories/mtest/group_vars/all.yml | 4 - 9 files changed, 83 insertions(+), 206 deletions(-) rename .gitlab-ci/{hk-aprd.yml => hk-tprd.yml} (59%) delete mode 100644 .gitlab-ci/mtest.yml delete mode 100644 inventories/hk-aprd/group_vars/all.yml delete mode 100644 inventories/hk-aprd/hk_aprd_azure_rm.yml delete mode 100644 inventories/hk-astg/hk_astg_azure_rm.yml rename inventories/{hk-astg => hk-tprd}/group_vars/all.yml (100%) rename inventories/{mtest/tstg.cvm.yml => hk-tprd/hk-tprd.cvm.yml} (82%) delete mode 100644 inventories/mtest/group_vars/all.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 376de60..ec91f86 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -27,22 +27,17 @@ stages: - "tprd-postdeploy-migrations" - "tprd-finish" - - "mtest-prepare" - - "mtest-upgrade" - - "mtest-tke" - - "mtest-finish" - - - "hk-aprd-cny-prepare" - - "hk-aprd-cny-migration" - - "hk-aprd-cny-rollback-tke" - - "hk-aprd-cny-gitaly" - - "hk-aprd-cny-praefect" - - "hk-aprd-cny-finish" - - "hk-aprd-prepare" - - "hk-aprd-rollback-tke" - - "hk-aprd-gitaly" - - "hk-aprd-postdeploy-migrations" - - "hk-aprd-finish" + - "hk-tprd-cny-prepare" + - "hk-tprd-cny-migration" + - "hk-tprd-cny-rollback-tke" + - "hk-tprd-cny-gitaly" + - "hk-tprd-cny-praefect" + - "hk-tprd-cny-finish" + - "hk-tprd-prepare" + - "hk-tprd-rollback-tke" + - "hk-tprd-gitaly" + - "hk-tprd-postdeploy-migrations" + - "hk-tprd-finish" - "release-prepare" - "release-upgrade" @@ -183,15 +178,12 @@ include: - local: /.gitlab-ci/tprd.yml rules: - if: $DEPLOY_ENVIRONMENT == 'tprd' - - local: /.gitlab-ci/mtest.yml - rules: - - if: $DEPLOY_ENVIRONMENT == 'mtest' - local: /.gitlab-ci/release.yml rules: - if: $DEPLOY_ENVIRONMENT == 'release' - - local: /.gitlab-ci/hk-aprd.yml + - local: /.gitlab-ci/hk-tprd.yml rules: - - if: $DEPLOY_ENVIRONMENT == 'hk-aprd' + - if: $DEPLOY_ENVIRONMENT == 'hk-tprd' - project: jihulab/jh-infra/common-ci-tasks ref: v1.1.0 file: prepare-vault-secrets.yml diff --git a/.gitlab-ci/hk-aprd.yml b/.gitlab-ci/hk-tprd.yml similarity index 59% rename from .gitlab-ci/hk-aprd.yml rename to .gitlab-ci/hk-tprd.yml index 7d8892b..e34e70d 100644 --- a/.gitlab-ci/hk-aprd.yml +++ b/.gitlab-ci/hk-tprd.yml @@ -1,38 +1,38 @@ .hk_job_image: - image: ops-registry-hk.jihulab.net/jihulab/jh-infra/ci-images/ansible:${INFRA_CI_IMAGE_ANSIBLE_TAG} + image: dev-ops.gitlab.cn:5050/jihulab/jh-infra/ci-images/ansible:${INFRA_CI_IMAGE_ANSIBLE_TAG} -.var_hk_aprd_cny: &var_hk_aprd_cny - JOB_ENV: hk-aprd +.var_hk_tprd_cny: &var_hk_tprd_cny + JOB_ENV: hk-tprd JOB_STAGE: cny -.var_hk_aprd: &var_hk_aprd - JOB_ENV: hk-aprd +.var_hk_tprd: &var_hk_tprd + JOB_ENV: hk-tprd JOB_STAGE: main -.only_hk_aprd_cny: &only_hk_aprd_cny +.only_hk_tprd_cny: &only_hk_tprd_cny only: variables: - - $DEPLOY_ENVIRONMENT == 'hk-aprd' && $DEPLOY_STAGE == "cny" + - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "cny" except: variables: - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true' - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null - - $DEPLOY_ENVIRONMENT == 'hk-aprd' + - $DEPLOY_ENVIRONMENT == 'hk-tprd' - $CMD -.only_hk_aprd: &only_hk_aprd +.only_hk_tprd: &only_hk_tprd only: variables: - - $DEPLOY_ENVIRONMENT == 'hk-aprd' && $DEPLOY_STAGE == "main" + - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "main" - $CI_COMMIT_REF_NAME != 'main' except: variables: - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true' - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null - - $DEPLOY_ENVIRONMENT == 'hk-aprd' + - $DEPLOY_ENVIRONMENT == 'hk-tprd' - $CMD -.runner_tags_hk_aprd: &runner_tags_hk_aprd +.runner_tags_hk_tprd: &runner_tags_hk_tprd tags: - azure-hk @@ -40,64 +40,64 @@ tags: - helmfile -hk-aprd-cny-secrets: - stage: "hk-aprd-cny-prepare" +hk-tprd-cny-secrets: + stage: "hk-tprd-cny-prepare" extends: - .runner_tags_secrets - .prepare-secrets - .rules_prepare_env_vars variables: - ARTIFACT_FILE_PREFIX: hk-aprd - VAULT_PATHS: hk-saas-aprd/gitlab - <<: *var_hk_aprd_cny + ARTIFACT_FILE_PREFIX: hk-tprd + VAULT_PATHS: hk-saas-tprd/gitlab + <<: *var_hk_tprd_cny -hk-aprd-cny-prepare: - stage: "hk-aprd-cny-prepare" +hk-tprd-cny-prepare: + stage: "hk-tprd-cny-prepare" extends: - .hk_job_image - .prepare - .rules_env_stage - <<: *runner_tags_hk_aprd + <<: *runner_tags_hk_tprd needs: - - hk-aprd-cny-secrets + - hk-tprd-cny-secrets variables: ANSIBLE_TAGS: 'warmup' TARGET_HOSTS: 'gitlab_toolbox:gitaly:gitaly_cluster:praefect' - <<: *var_hk_aprd_cny + <<: *var_hk_tprd_cny -hk-aprd-cny-deploy-toolbox: - stage: "hk-aprd-cny-migration" +hk-tprd-cny-deploy-toolbox: + stage: "hk-tprd-cny-migration" extends: - .hk_job_image - .deploy - .rules_env_stage - <<: *runner_tags_hk_aprd + <<: *runner_tags_hk_tprd variables: ANSIBLE_TAGS: update,clean TARGET_HOSTS: gitlab_toolbox - <<: *var_hk_aprd_cny + <<: *var_hk_tprd_cny -hk-aprd-cny-migration: - stage: "hk-aprd-cny-migration" +hk-tprd-cny-migration: + stage: "hk-tprd-cny-migration" extends: - .hk_job_image - .migration - .rules_env_stage - <<: *runner_tags_hk_aprd + <<: *runner_tags_hk_tprd variables: SKIP_POST_DEPLOYMENT_MIGRATIONS: 'true' RUN_MIGRATIONS: 'true' ANSIBLE_TAGS: 'migration' TARGET_HOSTS: gitlab_toolbox - <<: *var_hk_aprd_cny + <<: *var_hk_tprd_cny needs: - - hk-aprd-cny-deploy-toolbox - - hk-aprd-cny-secrets + - hk-tprd-cny-deploy-toolbox + - hk-tprd-cny-secrets -hk-aprd-cny-rollback-tke: - stage: "hk-aprd-cny-rollback-tke" +hk-tprd-cny-rollback-tke: + stage: "hk-tprd-cny-rollback-tke" variables: - <<: *var_hk_aprd_cny + <<: *var_hk_tprd_cny RUN_THIS_JOB_ONLY_ON_ROLLBACK: 'yes' DRY_RUN: $CHECKMODE COMPONENT: gitlab @@ -108,61 +108,61 @@ hk-aprd-cny-rollback-tke: - .deploy-tke - .rules_env_stage -hk-aprd-cny-gitaly: - stage: "hk-aprd-cny-gitaly" +hk-tprd-cny-gitaly: + stage: "hk-tprd-cny-gitaly" extends: - .hk_job_image - .deploy - .rules_env_stage - <<: *runner_tags_hk_aprd + <<: *runner_tags_hk_tprd variables: TARGET_HOSTS: gitaly_cluster ANSIBLE_TAGS: update,clean SERIAL: 10 - <<: *var_hk_aprd_cny + <<: *var_hk_tprd_cny -hk-aprd-cny-praefect: - stage: "hk-aprd-cny-praefect" +hk-tprd-cny-praefect: + stage: "hk-tprd-cny-praefect" extends: - .hk_job_image - .deploy - .rules_env_stage - <<: *runner_tags_hk_aprd + <<: *runner_tags_hk_tprd variables: TARGET_HOSTS: praefect ANSIBLE_TAGS: update,clean SERIAL: 10 - <<: *var_hk_aprd_cny + <<: *var_hk_tprd_cny -hk-aprd-secrets: - stage: "hk-aprd-prepare" +hk-tprd-secrets: + stage: "hk-tprd-prepare" extends: - .runner_tags_secrets - .prepare-secrets - .rules_prepare_env_vars variables: - ARTIFACT_FILE_PREFIX: hk-aprd - VAULT_PATHS: hk-saas-aprd/gitlab - <<: *var_hk_aprd + ARTIFACT_FILE_PREFIX: hk-tprd + VAULT_PATHS: hk-saas-tprd/gitlab + <<: *var_hk_tprd -hk-aprd-prepare: - stage: "hk-aprd-prepare" +hk-tprd-prepare: + stage: "hk-tprd-prepare" extends: - .hk_job_image - .prepare - .rules_env_stage - <<: *runner_tags_hk_aprd + <<: *runner_tags_hk_tprd needs: - - hk-aprd-secrets + - hk-tprd-secrets variables: ANSIBLE_TAGS: 'warmup' TARGET_HOSTS: 'gitaly_shards_ssd' - <<: *var_hk_aprd + <<: *var_hk_tprd -hk-aprd-rollback-tke: - stage: "hk-aprd-rollback-tke" +hk-tprd-rollback-tke: + stage: "hk-tprd-rollback-tke" variables: - <<: *var_hk_aprd + <<: *var_hk_tprd RUN_THIS_JOB_ONLY_ON_ROLLBACK: 'yes' DRY_RUN: $CHECKMODE COMPONENT: gitlab @@ -173,32 +173,32 @@ hk-aprd-rollback-tke: - .deploy-tke - .rules_env_stage -hk-aprd-gitaly: - stage: "hk-aprd-gitaly" +hk-tprd-gitaly: + stage: "hk-tprd-gitaly" extends: - .hk_job_image - .deploy - .rules_env_stage - <<: *runner_tags_hk_aprd + <<: *runner_tags_hk_tprd variables: TARGET_HOSTS: gitaly_shards_ssd ANSIBLE_TAGS: update,clean SERIAL: 10 - <<: *var_hk_aprd + <<: *var_hk_tprd -hk-aprd-postdeploy-migrations: - stage: "hk-aprd-postdeploy-migrations" +hk-tprd-postdeploy-migrations: + stage: "hk-tprd-postdeploy-migrations" extends: - .hk_job_image - .migration - .rules_env_postdeployment_migrations - <<: *runner_tags_hk_aprd + <<: *runner_tags_hk_tprd variables: SKIP_POST_DEPLOYMENT_MIGRATIONS: 'false' RUN_MIGRATIONS: 'true' RUN_POST_DEPLOY_MIGRATIONS: 'true' ANSIBLE_TAGS: 'migration' TARGET_HOSTS: gitlab_toolbox - <<: *var_hk_aprd + <<: *var_hk_tprd needs: - - hk-aprd-secrets + - hk-tprd-secrets diff --git a/.gitlab-ci/mtest.yml b/.gitlab-ci/mtest.yml deleted file mode 100644 index 62478c8..0000000 --- a/.gitlab-ci/mtest.yml +++ /dev/null @@ -1,50 +0,0 @@ -.var_mtest: &var_mtest - JOB_ENV: mtest - -.only_mtest_notify: &only_mtest_notify - only: - variables: - - $DEPLOY_ENVIRONMENT =~ '/^(mtest)$/' - except: - variables: - - $SKIP_PIPELINE_NOTIFY == 'true' - -.only_mtest: &only_mtest - only: - variables: - - $DEPLOY_ENVIRONMENT == 'mtest' - - $CI_COMMIT_REF_NAME != 'main' - except: - variables: - - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true' - - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null - -mtest-prepare: - stage: "mtest-prepare" - extends: .prepare - variables: - ANSIBLE_TAGS: 'warmup' - TARGET_HOSTS: 'gitaly:praefect:gitaly_shards_ssd:gitlab_toolbox' - <<: *var_mtest - <<: *only_mtest - -mtest-upgrade: - stage: "mtest-upgrade" - extends: .deploy - variables: - TARGET_HOSTS: 'gitaly:praefect:gitaly_shards_ssd:gitlab_toolbox' - ANSIBLE_TAGS: update,clean - SERIAL: 100 - <<: *var_mtest - <<: *only_mtest - -mtest-tke: - stage: "mtest-upgrade" - variables: - <<: *var_mtest - DRY_RUN: $CHECKMODE - CHECKMODE: $CHECKMODE - COMPONENT_VERSION: $DEPLOY_VERSION - DEPLOY_ENVIRONMENT: $JOB_ENV - extends: .deploy-tke - <<: *only_mtest diff --git a/inventories/hk-aprd/group_vars/all.yml b/inventories/hk-aprd/group_vars/all.yml deleted file mode 100644 index ad031ac..0000000 --- a/inventories/hk-aprd/group_vars/all.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -ansible_python_interpreter: /usr/bin/python3 -ansible_user: ubuntu -env_name: hk-aprd -download_region: accelerate diff --git a/inventories/hk-aprd/hk_aprd_azure_rm.yml b/inventories/hk-aprd/hk_aprd_azure_rm.yml deleted file mode 100644 index b4e1abb..0000000 --- a/inventories/hk-aprd/hk_aprd_azure_rm.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -plugin: azure_rm -include_vm_resource_groups: - - rg-hk-saas-aprd -auth_source: auto - -exclude_host_filters: - - tags.gitlab_node_type | default('') == 'jump' - - tags.gitlab_node_type | default('') == 'ci-runner' - - '"gitlab_node_type" not in tags.keys()' - # excludes hosts that are powered off - - powerstate != 'running' - -keyed_groups: - - key: tags.gitlab_node_type | default('none') - trailing_separator: false - - key: tags.gitlab_node_prefix | default('none') - trailing_separator: false - - key: tags.gitlab_node_level | default('none') - trailing_separator: false - -leading_separator: false - -hostvar_expressions: - ansible_host: private_ipv4_addresses.0 - private_ip_address: private_ipv4_addresses.0 - public_ip_address: public_ipv4_addresses - computer_name: computer_name diff --git a/inventories/hk-astg/hk_astg_azure_rm.yml b/inventories/hk-astg/hk_astg_azure_rm.yml deleted file mode 100644 index 9eb8394..0000000 --- a/inventories/hk-astg/hk_astg_azure_rm.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -plugin: azure_rm -include_vm_resource_groups: - - rg-hk-saas-astg -auth_source: auto - -exclude_host_filters: - - tags.gitlab_node_type | default('') == 'jump' - - tags.gitlab_node_type | default('') == 'ci-runner' - - '"gitlab_node_type" not in tags.keys()' - # excludes hosts that are powered off - - powerstate != 'running' - -keyed_groups: - - key: tags.gitlab_node_type | default('none') - trailing_separator: false - - key: tags.gitlab_node_prefix | default('none') - trailing_separator: false - - key: tags.gitlab_node_level | default('none') - trailing_separator: false - -leading_separator: false - -hostvar_expressions: - ansible_host: private_ipv4_addresses.0 - private_ip_address: private_ipv4_addresses.0 - public_ip_address: public_ipv4_addresses - computer_name: computer_name diff --git a/inventories/hk-astg/group_vars/all.yml b/inventories/hk-tprd/group_vars/all.yml similarity index 100% rename from inventories/hk-astg/group_vars/all.yml rename to inventories/hk-tprd/group_vars/all.yml diff --git a/inventories/mtest/tstg.cvm.yml b/inventories/hk-tprd/hk-tprd.cvm.yml similarity index 82% rename from inventories/mtest/tstg.cvm.yml rename to inventories/hk-tprd/hk-tprd.cvm.yml index 055f3e5..10a6d04 100644 --- a/inventories/mtest/tstg.cvm.yml +++ b/inventories/hk-tprd/hk-tprd.cvm.yml @@ -1,4 +1,3 @@ ---- plugin: "jh_infra.jh_collection.tencentcloud_cvm" cache: false @@ -8,20 +7,22 @@ cache_connection: ./cvm_inventory cache_prefix: cvm regions: - - "ap-shanghai" + - "ap-hongkong" filters: project-id: - - "1275707" + - "1301925" instance-state: - "RUNNING" -pattern_include: ^mtest.* +pattern_include: ^cvm-hk-saas-tprd-.* pattern_exclude: .*-auto-scale-runner-.* keyed_groups: - key: tags.gitlab_node_type separator: "" + - key: tags.gitlab_node_type_legacy + separator: "" - key: tags.gitlab_node_level separator: "" - key: tags.gitlab_node_prefix @@ -32,4 +33,3 @@ compose: public_ip_address: public_ip_address private_ip_address: private_ip_address instance_name: instance_name - gitlab_node_type: tags.gitlab_node_type diff --git a/inventories/mtest/group_vars/all.yml b/inventories/mtest/group_vars/all.yml deleted file mode 100644 index 3ecbfd2..0000000 --- a/inventories/mtest/group_vars/all.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -ansible_python_interpreter: /usr/bin/python3 -ansible_user: ubuntu -env_name: mtest -- GitLab From df2c0af163131db2411c7b6ffd2ea77d52aa24ee Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Thu, 14 Dec 2023 16:27:27 +0800 Subject: [PATCH 02/16] ssh --- bin/ansible-wrapper | 4 ++-- bin/prepare_env.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/ansible-wrapper b/bin/ansible-wrapper index f43c7f3..483ec18 100755 --- a/bin/ansible-wrapper +++ b/bin/ansible-wrapper @@ -19,8 +19,8 @@ case $CURRENT_DEPLOY_ENVIRONMENT in hk-astg) SSH_PRIVATE_KEY="$HK_ASTG_SSH_PRIVATE_KEY" ;; - hk-aprd) - SSH_PRIVATE_KEY="$HK_APRD_SSH_PRIVATE_KEY" + hk-tprd) + SSH_PRIVATE_KEY="$GEO_SSH_PRIVATE_KEY" ;; *) SSH_PRIVATE_KEY="$DEFAULT_SSH_PRIVATE_KEY" diff --git a/bin/prepare_env.sh b/bin/prepare_env.sh index 0698323..7e85e58 100755 --- a/bin/prepare_env.sh +++ b/bin/prepare_env.sh @@ -16,7 +16,7 @@ case "$DEPLOY_ENVIRONMENT" in VAULT_PATH_ENV="hk-saas-astg/gitlab" VAULT_PATH_PREFIX="jihulab" ;; - hk-aprd) + hk-tprd) VAULT_PATH_ENV="hk-saas-aprd/gitlab" VAULT_PATH_PREFIX="jihulab" ;; -- GitLab From 2e4155bc2643e5425c7dde978f32ac99080b3295 Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Thu, 14 Dec 2023 16:31:19 +0800 Subject: [PATCH 03/16] update --- .gitlab-ci/hk-tprd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml index e34e70d..380cf54 100644 --- a/.gitlab-ci/hk-tprd.yml +++ b/.gitlab-ci/hk-tprd.yml @@ -48,7 +48,7 @@ hk-tprd-cny-secrets: - .rules_prepare_env_vars variables: ARTIFACT_FILE_PREFIX: hk-tprd - VAULT_PATHS: hk-saas-tprd/gitlab + VAULT_PATHS: hk-saas-aprd/gitlab <<: *var_hk_tprd_cny hk-tprd-cny-prepare: @@ -142,7 +142,7 @@ hk-tprd-secrets: - .rules_prepare_env_vars variables: ARTIFACT_FILE_PREFIX: hk-tprd - VAULT_PATHS: hk-saas-tprd/gitlab + VAULT_PATHS: hk-saas-aprd/gitlab <<: *var_hk_tprd hk-tprd-prepare: -- GitLab From 00761ce8ffb1f07efd37b7324d63ade0f66566b1 Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Thu, 14 Dec 2023 16:33:59 +0800 Subject: [PATCH 04/16] tag --- .gitlab-ci/hk-tprd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml index 380cf54..f57f8d2 100644 --- a/.gitlab-ci/hk-tprd.yml +++ b/.gitlab-ci/hk-tprd.yml @@ -34,7 +34,7 @@ .runner_tags_hk_tprd: &runner_tags_hk_tprd tags: - - azure-hk + - ansible-tencent-hk .runner_tags_secrets: &runner_tags_secrets tags: -- GitLab From ae7f4f86602930ed8e6bacffa7b07e0a3c9ca335 Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Thu, 14 Dec 2023 17:07:44 +0800 Subject: [PATCH 05/16] shards --- .gitlab-ci/hk-tprd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml index f57f8d2..5fb5541 100644 --- a/.gitlab-ci/hk-tprd.yml +++ b/.gitlab-ci/hk-tprd.yml @@ -62,7 +62,7 @@ hk-tprd-cny-prepare: - hk-tprd-cny-secrets variables: ANSIBLE_TAGS: 'warmup' - TARGET_HOSTS: 'gitlab_toolbox:gitaly:gitaly_cluster:praefect' + TARGET_HOSTS: 'gitlab_toolbox:gitaly:gitaly_shards_cny:praefect' <<: *var_hk_tprd_cny hk-tprd-cny-deploy-toolbox: @@ -116,7 +116,7 @@ hk-tprd-cny-gitaly: - .rules_env_stage <<: *runner_tags_hk_tprd variables: - TARGET_HOSTS: gitaly_cluster + TARGET_HOSTS: gitaly_shards_cny ANSIBLE_TAGS: update,clean SERIAL: 10 <<: *var_hk_tprd_cny -- GitLab From 0263aa934cca6ca60e93f67909cdcbb0f2cce2f5 Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Fri, 15 Dec 2023 15:33:35 +0800 Subject: [PATCH 06/16] check key --- bin/ansible-wrapper | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/bin/ansible-wrapper b/bin/ansible-wrapper index 483ec18..9881fd0 100755 --- a/bin/ansible-wrapper +++ b/bin/ansible-wrapper @@ -1,8 +1,5 @@ #!/bin/bash -# shellcheck source=bin/check_vars -source bin/check_vars - case $CURRENT_DEPLOY_ENVIRONMENT in tprd) SSH_PRIVATE_KEY="$TPRD_SSH_PRIVATE_KEY" @@ -27,6 +24,9 @@ case $CURRENT_DEPLOY_ENVIRONMENT in ;; esac +# shellcheck source=bin/check_vars +source bin/check_vars + if [ ! -d ~/.ssh ]; then mkdir ~/.ssh chmod 700 ~/.ssh @@ -34,6 +34,8 @@ fi ssh-keyscan -t rsa gitlab.cn >> ~/.ssh/known_hosts +echo "$SSH_PRIVATE_KEY" + eval "$(ssh-agent -s)" echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - echo "$ANSIBLE_VAULT_PASS" | tr -d 'r' > ~/.vault.txt -- GitLab From 2ec8c466750d2eedae34d5a0bc3c7b5f3d8ad966 Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Fri, 15 Dec 2023 15:46:07 +0800 Subject: [PATCH 07/16] update --- bin/ansible-wrapper | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/ansible-wrapper b/bin/ansible-wrapper index 9881fd0..ccc9e4a 100755 --- a/bin/ansible-wrapper +++ b/bin/ansible-wrapper @@ -17,7 +17,7 @@ case $CURRENT_DEPLOY_ENVIRONMENT in SSH_PRIVATE_KEY="$HK_ASTG_SSH_PRIVATE_KEY" ;; hk-tprd) - SSH_PRIVATE_KEY="$GEO_SSH_PRIVATE_KEY" + SSH_PRIVATE_KEY="$HK_TPRD_SSH_PRIVATE_KEY" ;; *) SSH_PRIVATE_KEY="$DEFAULT_SSH_PRIVATE_KEY" -- GitLab From 1749db24bdfc39af3390147d5034c2b38d0d8654 Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Fri, 15 Dec 2023 15:53:33 +0800 Subject: [PATCH 08/16] update --- bin/ansible-wrapper | 2 -- inventories/hk-tprd/group_vars/all.yml | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/bin/ansible-wrapper b/bin/ansible-wrapper index ccc9e4a..c69e256 100755 --- a/bin/ansible-wrapper +++ b/bin/ansible-wrapper @@ -34,8 +34,6 @@ fi ssh-keyscan -t rsa gitlab.cn >> ~/.ssh/known_hosts -echo "$SSH_PRIVATE_KEY" - eval "$(ssh-agent -s)" echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - echo "$ANSIBLE_VAULT_PASS" | tr -d 'r' > ~/.vault.txt diff --git a/inventories/hk-tprd/group_vars/all.yml b/inventories/hk-tprd/group_vars/all.yml index bf85afa..b89732c 100644 --- a/inventories/hk-tprd/group_vars/all.yml +++ b/inventories/hk-tprd/group_vars/all.yml @@ -1,5 +1,5 @@ --- ansible_python_interpreter: /usr/bin/python3 ansible_user: ubuntu -env_name: hk-astg +env_name: hk-tprd download_region: accelerate -- GitLab From 4ca60de231b6751994d92af8dbc96895ba4768ce Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Fri, 15 Dec 2023 16:01:39 +0800 Subject: [PATCH 09/16] compatible --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ec91f86..54e3d25 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -183,7 +183,7 @@ include: - if: $DEPLOY_ENVIRONMENT == 'release' - local: /.gitlab-ci/hk-tprd.yml rules: - - if: $DEPLOY_ENVIRONMENT == 'hk-tprd' + - if: $DEPLOY_ENVIRONMENT =~ '/^(hk-tprd|hk-aprd)$/' - project: jihulab/jh-infra/common-ci-tasks ref: v1.1.0 file: prepare-vault-secrets.yml -- GitLab From a8954ca37c257e8b02dae1563ebba9ef66ac5d18 Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Fri, 15 Dec 2023 16:04:25 +0800 Subject: [PATCH 10/16] update --- .gitlab-ci/hk-tprd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml index 5fb5541..240c7df 100644 --- a/.gitlab-ci/hk-tprd.yml +++ b/.gitlab-ci/hk-tprd.yml @@ -12,7 +12,7 @@ .only_hk_tprd_cny: &only_hk_tprd_cny only: variables: - - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "cny" + - $DEPLOY_ENVIRONMENT =~ '/^(hk-tprd|hk-aprd)$/' && $DEPLOY_STAGE == "cny" except: variables: - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true' @@ -23,7 +23,7 @@ .only_hk_tprd: &only_hk_tprd only: variables: - - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "main" + - $DEPLOY_ENVIRONMENT =~ '/^(hk-tprd|hk-aprd)$/' && $DEPLOY_STAGE == "main" - $CI_COMMIT_REF_NAME != 'main' except: variables: -- GitLab From 63b8075fe786d44c30e393d8530f17687030e5e5 Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Fri, 15 Dec 2023 16:18:19 +0800 Subject: [PATCH 11/16] fix --- .gitlab-ci.yml | 2 +- .gitlab-ci/hk-tprd.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 54e3d25..35476ad 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -183,7 +183,7 @@ include: - if: $DEPLOY_ENVIRONMENT == 'release' - local: /.gitlab-ci/hk-tprd.yml rules: - - if: $DEPLOY_ENVIRONMENT =~ '/^(hk-tprd|hk-aprd)$/' + - if: $DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ - project: jihulab/jh-infra/common-ci-tasks ref: v1.1.0 file: prepare-vault-secrets.yml diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml index 240c7df..858d65d 100644 --- a/.gitlab-ci/hk-tprd.yml +++ b/.gitlab-ci/hk-tprd.yml @@ -12,7 +12,7 @@ .only_hk_tprd_cny: &only_hk_tprd_cny only: variables: - - $DEPLOY_ENVIRONMENT =~ '/^(hk-tprd|hk-aprd)$/' && $DEPLOY_STAGE == "cny" + - $DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ && $DEPLOY_STAGE == "cny" except: variables: - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true' @@ -23,7 +23,7 @@ .only_hk_tprd: &only_hk_tprd only: variables: - - $DEPLOY_ENVIRONMENT =~ '/^(hk-tprd|hk-aprd)$/' && $DEPLOY_STAGE == "main" + - $DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ && $DEPLOY_STAGE == "main" - $CI_COMMIT_REF_NAME != 'main' except: variables: -- GitLab From f14cfddeda3dda02164df00dc8d882f3d0a768ec Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Fri, 15 Dec 2023 16:23:14 +0800 Subject: [PATCH 12/16] rules --- .gitlab-ci.yml | 3 ++- .gitlab-ci/hk-tprd.yml | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 35476ad..e3a8fe2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -183,7 +183,8 @@ include: - if: $DEPLOY_ENVIRONMENT == 'release' - local: /.gitlab-ci/hk-tprd.yml rules: - - if: $DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ + - if: $DEPLOY_ENVIRONMENT == hk-tprd + - if: $DEPLOY_ENVIRONMENT == hk-aprd - project: jihulab/jh-infra/common-ci-tasks ref: v1.1.0 file: prepare-vault-secrets.yml diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml index 858d65d..b142200 100644 --- a/.gitlab-ci/hk-tprd.yml +++ b/.gitlab-ci/hk-tprd.yml @@ -12,7 +12,8 @@ .only_hk_tprd_cny: &only_hk_tprd_cny only: variables: - - $DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ && $DEPLOY_STAGE == "cny" + - $DEPLOY_ENVIRONMENT == hk-tprd && $DEPLOY_STAGE == "cny" + - $DEPLOY_ENVIRONMENT == hk-aprd && $DEPLOY_STAGE == "cny" except: variables: - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true' @@ -23,7 +24,8 @@ .only_hk_tprd: &only_hk_tprd only: variables: - - $DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ && $DEPLOY_STAGE == "main" + - $DEPLOY_ENVIRONMENT == hk-tprd && $DEPLOY_STAGE == "main" + - $DEPLOY_ENVIRONMENT == hk-aprd && $DEPLOY_STAGE == "main" - $CI_COMMIT_REF_NAME != 'main' except: variables: -- GitLab From 1bd0a51658111e400d630fc671c2c71d24dd0d19 Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Fri, 15 Dec 2023 16:26:24 +0800 Subject: [PATCH 13/16] f --- .gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e3a8fe2..e641aff 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -183,8 +183,7 @@ include: - if: $DEPLOY_ENVIRONMENT == 'release' - local: /.gitlab-ci/hk-tprd.yml rules: - - if: $DEPLOY_ENVIRONMENT == hk-tprd - - if: $DEPLOY_ENVIRONMENT == hk-aprd + - if: $DEPLOY_ENVIRONMENT == hk-tprd || $DEPLOY_ENVIRONMENT == hk-aprd - project: jihulab/jh-infra/common-ci-tasks ref: v1.1.0 file: prepare-vault-secrets.yml -- GitLab From ab945959c2a0296d5ca152d7bc9fbcf70e219760 Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Fri, 15 Dec 2023 16:27:33 +0800 Subject: [PATCH 14/16] fix --- .gitlab-ci.yml | 2 +- .gitlab-ci/hk-tprd.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e641aff..3c47eed 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -183,7 +183,7 @@ include: - if: $DEPLOY_ENVIRONMENT == 'release' - local: /.gitlab-ci/hk-tprd.yml rules: - - if: $DEPLOY_ENVIRONMENT == hk-tprd || $DEPLOY_ENVIRONMENT == hk-aprd + - if: $DEPLOY_ENVIRONMENT == 'hk-tprd' || $DEPLOY_ENVIRONMENT == 'hk-aprd' - project: jihulab/jh-infra/common-ci-tasks ref: v1.1.0 file: prepare-vault-secrets.yml diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml index b142200..b8d4c26 100644 --- a/.gitlab-ci/hk-tprd.yml +++ b/.gitlab-ci/hk-tprd.yml @@ -12,8 +12,8 @@ .only_hk_tprd_cny: &only_hk_tprd_cny only: variables: - - $DEPLOY_ENVIRONMENT == hk-tprd && $DEPLOY_STAGE == "cny" - - $DEPLOY_ENVIRONMENT == hk-aprd && $DEPLOY_STAGE == "cny" + - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "cny" + - $DEPLOY_ENVIRONMENT == 'hk-aprd' && $DEPLOY_STAGE == "cny" except: variables: - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true' @@ -24,8 +24,8 @@ .only_hk_tprd: &only_hk_tprd only: variables: - - $DEPLOY_ENVIRONMENT == hk-tprd && $DEPLOY_STAGE == "main" - - $DEPLOY_ENVIRONMENT == hk-aprd && $DEPLOY_STAGE == "main" + - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "main" + - $DEPLOY_ENVIRONMENT == 'hk-aprd' && $DEPLOY_STAGE == "main" - $CI_COMMIT_REF_NAME != 'main' except: variables: -- GitLab From 40cba9ddeb78d7d6e1621afb13224c0b17f30fe7 Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Fri, 15 Dec 2023 16:33:38 +0800 Subject: [PATCH 15/16] pipeline --- .gitlab-ci/hk-tprd.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml index b8d4c26..2307091 100644 --- a/.gitlab-ci/hk-tprd.yml +++ b/.gitlab-ci/hk-tprd.yml @@ -18,7 +18,6 @@ variables: - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true' - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null - - $DEPLOY_ENVIRONMENT == 'hk-tprd' - $CMD .only_hk_tprd: &only_hk_tprd @@ -31,7 +30,6 @@ variables: - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true' - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null - - $DEPLOY_ENVIRONMENT == 'hk-tprd' - $CMD .runner_tags_hk_tprd: &runner_tags_hk_tprd -- GitLab From aac8a5c878a4fcb66694668e2fdd6c9a8a83aab5 Mon Sep 17 00:00:00 2001 From: vincent_stchu <wbshu@gitlab.cn> Date: Fri, 15 Dec 2023 16:39:13 +0800 Subject: [PATCH 16/16] rules --- .gitlab-ci/hk-tprd.yml | 63 +++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 34 deletions(-) diff --git a/.gitlab-ci/hk-tprd.yml b/.gitlab-ci/hk-tprd.yml index 2307091..d2acd0f 100644 --- a/.gitlab-ci/hk-tprd.yml +++ b/.gitlab-ci/hk-tprd.yml @@ -9,29 +9,6 @@ JOB_ENV: hk-tprd JOB_STAGE: main -.only_hk_tprd_cny: &only_hk_tprd_cny - only: - variables: - - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "cny" - - $DEPLOY_ENVIRONMENT == 'hk-aprd' && $DEPLOY_STAGE == "cny" - except: - variables: - - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true' - - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null - - $CMD - -.only_hk_tprd: &only_hk_tprd - only: - variables: - - $DEPLOY_ENVIRONMENT == 'hk-tprd' && $DEPLOY_STAGE == "main" - - $DEPLOY_ENVIRONMENT == 'hk-aprd' && $DEPLOY_STAGE == "main" - - $CI_COMMIT_REF_NAME != 'main' - except: - variables: - - $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true' - - $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null - - $CMD - .runner_tags_hk_tprd: &runner_tags_hk_tprd tags: - ansible-tencent-hk @@ -40,12 +17,30 @@ tags: - helmfile +.rules_hk_env_stage: &rules_hk_env_stage + rules: + - if: $ONLY_POST_DEPLOYMENT_MIGRATIONS == "true" + when: never + - if: $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true' + when: never + - if: $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null + when: never + - if: '$DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ && ($DEPLOY_STAGE == $JOB_STAGE || $DEPLOY_STAGE == "all")' + +.rules_prepare_hk_env_vars: &rules_prepare_hk_env_vars + rules: + - if: $SKIP_THIS_JOB_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == 'true' + when: never + - if: $RUN_THIS_JOB_ONLY_ON_ROLLBACK == 'yes' && $DEPLOY_ROLLBACK == null + when: never + - if: '$DEPLOY_ENVIRONMENT =~ /^(hk-tprd|hk-aprd)$/ && ($DEPLOY_STAGE == $JOB_STAGE || $DEPLOY_STAGE == "all")' + hk-tprd-cny-secrets: stage: "hk-tprd-cny-prepare" extends: - .runner_tags_secrets - .prepare-secrets - - .rules_prepare_env_vars + - .rules_prepare_hk_env_vars variables: ARTIFACT_FILE_PREFIX: hk-tprd VAULT_PATHS: hk-saas-aprd/gitlab @@ -56,7 +51,7 @@ hk-tprd-cny-prepare: extends: - .hk_job_image - .prepare - - .rules_env_stage + - .rules_hk_env_stage <<: *runner_tags_hk_tprd needs: - hk-tprd-cny-secrets @@ -70,7 +65,7 @@ hk-tprd-cny-deploy-toolbox: extends: - .hk_job_image - .deploy - - .rules_env_stage + - .rules_hk_env_stage <<: *runner_tags_hk_tprd variables: ANSIBLE_TAGS: update,clean @@ -82,7 +77,7 @@ hk-tprd-cny-migration: extends: - .hk_job_image - .migration - - .rules_env_stage + - .rules_hk_env_stage <<: *runner_tags_hk_tprd variables: SKIP_POST_DEPLOYMENT_MIGRATIONS: 'true' @@ -106,14 +101,14 @@ hk-tprd-cny-rollback-tke: DEPLOY_STAGE: $JOB_STAGE extends: - .deploy-tke - - .rules_env_stage + - .rules_hk_env_stage hk-tprd-cny-gitaly: stage: "hk-tprd-cny-gitaly" extends: - .hk_job_image - .deploy - - .rules_env_stage + - .rules_hk_env_stage <<: *runner_tags_hk_tprd variables: TARGET_HOSTS: gitaly_shards_cny @@ -126,7 +121,7 @@ hk-tprd-cny-praefect: extends: - .hk_job_image - .deploy - - .rules_env_stage + - .rules_hk_env_stage <<: *runner_tags_hk_tprd variables: TARGET_HOSTS: praefect @@ -139,7 +134,7 @@ hk-tprd-secrets: extends: - .runner_tags_secrets - .prepare-secrets - - .rules_prepare_env_vars + - .rules_prepare_hk_env_vars variables: ARTIFACT_FILE_PREFIX: hk-tprd VAULT_PATHS: hk-saas-aprd/gitlab @@ -150,7 +145,7 @@ hk-tprd-prepare: extends: - .hk_job_image - .prepare - - .rules_env_stage + - .rules_hk_env_stage <<: *runner_tags_hk_tprd needs: - hk-tprd-secrets @@ -171,14 +166,14 @@ hk-tprd-rollback-tke: DEPLOY_STAGE: $JOB_STAGE extends: - .deploy-tke - - .rules_env_stage + - .rules_hk_env_stage hk-tprd-gitaly: stage: "hk-tprd-gitaly" extends: - .hk_job_image - .deploy - - .rules_env_stage + - .rules_hk_env_stage <<: *runner_tags_hk_tprd variables: TARGET_HOSTS: gitaly_shards_ssd -- GitLab