diff --git a/EXAMPLE/group_vars/_skel/app_vars.yml b/EXAMPLE/group_vars/_skel/app_vars.yml index cd21505a..95f97c7f 100644 --- a/EXAMPLE/group_vars/_skel/app_vars.yml +++ b/EXAMPLE/group_vars/_skel/app_vars.yml @@ -1,2 +1,4 @@ --- +sys_version: "1_0_0" +sysdisks_version: "1_0_1" \ No newline at end of file diff --git a/EXAMPLE/group_vars/_skel/cluster_vars.yml b/EXAMPLE/group_vars/_skel/cluster_vars.yml index ecbd2dd1..92b5c458 100644 --- a/EXAMPLE/group_vars/_skel/cluster_vars.yml +++ b/EXAMPLE/group_vars/_skel/cluster_vars.yml @@ -50,6 +50,7 @@ cluster_name: "{{app_name}}-{{buildenv}}" # Identifies the cluster within # inventory_ip: "public" # 'public' or 'private', (private in case we're operating in a private LAN). If public, 'assign_public_ip' must be 'yes' # instance_profile_name: "" # route53_private_zone: true # Only used when cluster_vars.type == 'aws'. Defaults to true if not set. +# custom_tagslabels: {inv_resident_id: "abc", inv_proposition_id: "def"} # secgroups_existing: [] # secgroup_new: # - proto: "tcp" 
@@ -65,9 +66,9 @@ cluster_name: "{{app_name}}-{{buildenv}}" # Identifies the cluster within # rule_desc: "Access from all VMs attached to the {{ cluster_name }}-sg group" # sandbox: # hosttype_vars: -# sys: {vms_by_az: {a: 1, b: 1, c: 1}, flavor: t3a.nano, auto_volumes: []} -# #sysnobeats: {vms_by_az: {a: 1, b: 1, c: 1}, skip_beat_install:true, flavor: t3a.nano, auto_volumes: [] -# #sysdisks: {vms_by_az: {a: 1, b: 1, c: 1}, flavor: t3a.nano, auto_volumes: [{"device_name": "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true, perms: {owner: "root", group: "sudo", mode: "775"} }, {"device_name": "/dev/sdc", mountpoint: "/var/log/mysvc2", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}, {"device_name": "/dev/sdd", mountpoint: "/var/log/mysvc3", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}]} +# sys: {vms_by_az: {a: 1, b: 1, c: 1}, flavor: t3a.nano, version: "{{sys_version | default('')}}", auto_volumes: []} +# #sysnobeats: {vms_by_az: {a: 1, b: 1, c: 1}, skip_beat_install:true, flavor: t3a.nano, version: "{{sysnobeats_version | default('')}}", auto_volumes: [] +# #sysdisks: {vms_by_az: {a: 1, b: 1, c: 1}, flavor: t3a.nano, version: "{{sysdisks_version | default('')}}", auto_volumes: [{"device_name": "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true, perms: {owner: "root", group: "sudo", mode: "775"} }, {"device_name": "/dev/sdc", mountpoint: "/var/log/mysvc2", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}, {"device_name": "/dev/sdd", mountpoint: "/var/log/mysvc3", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, 
ephemeral: False, encrypted: True, "delete_on_termination": true}]} # #hostnvme_multi: {vms_by_az: {a: 1, b: 1, c: 1}, flavor: i3en.2xlarge, auto_volumes: [], nvme: {volumes: [{mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}, {mountpoint: "/var/log/mysvc2", fstype: ext4, volume_size: 2500}]} } } # #hostnvme_lvm: {vms_by_az: {a: 1, b: 1, c: 1}, flavor: i3en.2xlarge, auto_volumes: [], nvme: {volumes: [{mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}, {mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}], lvmparams: {vg_name: "vg0", lv_name: "lv0", lv_size: "+100%FREE"} } } # #hostssd: {vms_by_az: {a: 1, b: 1, c: 0}, flavor: c3.large, auto_volumes: [{device_name: "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}]} @@ -95,6 +96,7 @@ cluster_name: "{{app_name}}-{{buildenv}}" # Identifies the cluster within # project_id: "{{gcp_credentials_json.project_id}}" # ip_forward: "false" # ssh_guard_whitelist: &ssh_guard_whitelist ['10.0.0.0/8'] # Put your public-facing IPs into this (if you're going to access it via public IP), to avoid rate-limiting. +# custom_tagslabels: {inv_resident_id: "abc", inv_proposition_id: "def"} # network_fw_tags: ["{{cluster_name}}-nwtag"] # firewall_rules: # - name: "{{cluster_name}}-extssh" 
@@ -111,8 +113,8 @@ cluster_name: "{{app_name}}-{{buildenv}}" # Identifies the cluster within # description: "Access from all VMs attached to the {{cluster_name}}-nwtag group" # sandbox: # hosttype_vars: -# sys: {vms_by_az: {b: 1, c: 1, d: 1}, flavor: f1-micro, rootvol_size: "10", auto_volumes: []} -# #sysdisks: {vms_by_az: {b: 1, c: 1, d: 1}, flavor: f1-micro, rootvol_size: "10", auto_volumes: [{auto_delete: true, interface: "SCSI", volume_size: 2, mountpoint: "/var/log/mysvc", fstype: "ext4", perms: {owner: "root", group: "sudo", mode: "775"}}, {auto_delete: true, interface: "SCSI", volume_size: 2, mountpoint: "/var/log/mysvc2", fstype: "ext4"}, {auto_delete: true, interface: "SCSI", volume_size: 3, mountpoint: "/var/log/mysvc3", fstype: "ext4"}]} +# sys: {vms_by_az: {b: 1, c: 1, d: 1}, flavor: f1-micro, rootvol_size: "10", version: "{{sys_version | default('')}}", auto_volumes: []} +# #sysdisks: {vms_by_az: {b: 1, c: 1, d: 1}, flavor: f1-micro, rootvol_size: "10", version: "{{sysdisks_version | default('')}}", auto_volumes: [{auto_delete: true, interface: "SCSI", volume_size: 2, mountpoint: "/var/log/mysvc", fstype: "ext4", perms: {owner: "root", group: "sudo", mode: "775"}}, {auto_delete: true, interface: "SCSI", volume_size: 2, mountpoint: "/var/log/mysvc2", fstype: "ext4"}, {auto_delete: true, interface: "SCSI", volume_size: 3, mountpoint: "/var/log/mysvc3", fstype: "ext4"}]} # vpc_network_name: "test-{{buildenv}}" # vpc_subnet_name: "" # preemptible: "no" diff --git a/EXAMPLE/group_vars/test_aws_euw1/app_vars.yml b/EXAMPLE/group_vars/test_aws_euw1/app_vars.yml index 73b314ff..fa0f904b 100644 --- a/EXAMPLE/group_vars/test_aws_euw1/app_vars.yml +++ b/EXAMPLE/group_vars/test_aws_euw1/app_vars.yml @@ -1 +1,4 @@ ---- \ No newline at end of file +--- + +sys_version: "1_0_0" +sysdisks_version: "1_0_1" \ No newline at end of file 
diff --git a/EXAMPLE/group_vars/test_aws_euw1/cluster_vars.yml b/EXAMPLE/group_vars/test_aws_euw1/cluster_vars.yml index 93b97ee2..d920fbe5 100644 --- a/EXAMPLE/group_vars/test_aws_euw1/cluster_vars.yml +++ b/EXAMPLE/group_vars/test_aws_euw1/cluster_vars.yml @@ -43,6 +43,13 @@ cluster_vars: inventory_ip: "public" # 'public' or 'private', (private in case we're operating in a private LAN). If public, 'assign_public_ip' must be 'yes' instance_profile_name: "" route53_private_zone: true # Only used when cluster_vars.type == 'aws'. Defaults to true if not set. + custom_tagslabels: + inv_resident_id: "myresident" + inv_proposition_id: "myproposition" + inv_environment_id: "{{buildenv}}" + inv_service_id: "{{app_class}}" + inv_cluster_id: "{{cluster_name}}" + inv_cluster_type: "{{app_name}}" secgroups_existing: [] secgroup_new: - proto: "tcp" 
@@ -58,8 +65,8 @@ cluster_vars: rule_desc: "Access from all VMs attached to the {{ cluster_name }}-sg group" sandbox: hosttype_vars: - sys: {vms_by_az: {a: 1, b: 1, c: 1}, flavor: t3a.nano, auto_volumes: []} -# sysdisks: {vms_by_az: {a: 1, b: 0, c: 0}, flavor: t3a.nano, auto_volumes: [{"device_name": "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true, perms: {owner: "root", group: "sudo", mode: "775"} }, {"device_name": "/dev/sdc", mountpoint: "/var/log/mysvc2", fstype: "ext4", "volume_type": "gp2", "volume_size": 3, ephemeral: False, encrypted: True, "delete_on_termination": true}, {"device_name": "/dev/sdd", mountpoint: "/var/log/mysvc3", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}]} + sys: {vms_by_az: {a: 1, b: 1, c: 1}, flavor: t3a.nano, version: "{{sys_version | default('')}}", auto_volumes: []} +# sysdisks: {vms_by_az: {a: 1, b: 0, c: 0}, flavor: t3a.nano, version: "{{sysdisks_version | default('')}}", auto_volumes: [{"device_name": "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true, perms: {owner: "root", group: "sudo", mode: "775"} }, {"device_name": "/dev/sdc", mountpoint: "/var/log/mysvc2", fstype: "ext4", "volume_type": "gp2", "volume_size": 3, ephemeral: False, encrypted: True, "delete_on_termination": true}, {"device_name": "/dev/sdd", mountpoint: "/var/log/mysvc3", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}]} # hostnvme_multi: {vms_by_az: {a: 1, b: 0, c: 0}, flavor: i3en.2xlarge, auto_volumes: [], nvme: {volumes: [{mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}, {mountpoint: "/var/log/mysvc2", fstype: ext4, volume_size: 2500}]} } # hostnvme_lvm: {vms_by_az: {a: 
1, b: 0, c: 0}, flavor: i3en.2xlarge, auto_volumes: [], nvme: {volumes: [{mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}, {mountpoint: "/var/log/mysvc", fstype: ext4, volume_size: 2500}], lvmparams: {vg_name: "vg0", lv_name: "lv0", lv_size: "+100%FREE"} } } # hostssd: {vms_by_az: {a: 1, b: 0, c: 0}, flavor: c3.large, auto_volumes: [{device_name: "/dev/sdb", mountpoint: "/var/log/mysvc", fstype: "ext4", "volume_type": "gp2", "volume_size": 2, ephemeral: False, encrypted: True, "delete_on_termination": true}]} diff --git a/EXAMPLE/group_vars/test_gce_euw1/cluster_vars.yml b/EXAMPLE/group_vars/test_gce_euw1/cluster_vars.yml index 8440583f..4c66c47e 100644 --- a/EXAMPLE/group_vars/test_gce_euw1/cluster_vars.yml +++ b/EXAMPLE/group_vars/test_gce_euw1/cluster_vars.yml @@ -48,6 +48,13 @@ cluster_vars: project_id: "{{gcp_credentials_json.project_id}}" ip_forward: "false" ssh_guard_whitelist: &ssh_guard_whitelist ['10.0.0.0/8'] # Put your public-facing IPs into this (if you're going to access it via public IP), to avoid rate-limiting. + custom_tagslabels: + inv_resident_id: "myresident" + inv_proposition_id: "myproposition" + inv_environment_id: "{{buildenv}}" + inv_service_id: "{{app_class}}" + inv_cluster_id: "{{cluster_name}}" + inv_cluster_type: "{{app_name}}" network_fw_tags: ["{{cluster_name}}-nwtag"] firewall_rules: - name: "{{cluster_name}}-extssh" 
@@ -64,8 +71,8 @@ cluster_vars: description: "Access from all VMs attached to the {{cluster_name}}-nwtag group" sandbox: hosttype_vars: - sys: {vms_by_az: {b: 1, c: 1, d: 1}, flavor: f1-micro, rootvol_size: "10", auto_volumes: []} - #sysdisks: {vms_by_az: {b: 1, c: 1, d: 1}, flavor: f1-micro, rootvol_size: "10", auto_volumes: [{auto_delete: true, interface: "SCSI", volume_size: 2, mountpoint: "/var/log/mysvc", fstype: "ext4", perms: {owner: "root", group: "sudo", mode: "775"}}, {auto_delete: true, interface: "SCSI", volume_size: 2, mountpoint: "/var/log/mysvc2", fstype: "ext4"}, {auto_delete: true, interface: "SCSI", volume_size: 3, mountpoint: "/var/log/mysvc3", fstype: "ext4"}]} + sys: {vms_by_az: {b: 1, c: 1, d: 1}, flavor: f1-micro, rootvol_size: "10", version: "{{sys_version | default('')}}", auto_volumes: []} + #sysdisks: {vms_by_az: {b: 1, c: 1, d: 1}, flavor: f1-micro, rootvol_size: "10", version: "{{sysdisks_version | default('')}}", auto_volumes: [{auto_delete: true, interface: "SCSI", volume_size: 2, mountpoint: "/var/log/mysvc", fstype: "ext4", perms: {owner: "root", group: "sudo", mode: "775"}}, {auto_delete: true, interface: "SCSI", volume_size: 2, mountpoint: "/var/log/mysvc2", fstype: "ext4"}, {auto_delete: true, interface: "SCSI", volume_size: 3, mountpoint: "/var/log/mysvc3", fstype: "ext4"}]} vpc_network_name: "test-{{buildenv}}" vpc_subnet_name: "" preemptible: "no" diff --git a/EXAMPLE/jenkinsfiles/Jenkinsfile_exec_deploy b/EXAMPLE/jenkinsfiles/Jenkinsfile_exec_deploy index a29f2a2e..ee7a7418 100644 --- a/EXAMPLE/jenkinsfiles/Jenkinsfile_exec_deploy +++ b/EXAMPLE/jenkinsfiles/Jenkinsfile_exec_deploy 
@@ -37,7 +37,7 @@ pipeline { withCredentials([sshUserPrivateKey(credentialsId: "VTP_${params.DEPLOY_ENV.toUpperCase()}_SSH_KEY", keyFileVariable: 'keyfile', usernameVariable: 'sshuser')]) { sh 'env' sh 'echo "$DEPLOY_ENV: len $(echo -n $VAULT_PASSWORD_BUILDENV | /usr/bin/wc -c) sum $(echo -n $VAULT_PASSWORD_BUILDENV | /usr/bin/sum) "' - sh 'pipenv run ansible-playbook -u ${sshuser} --private-key=${keyfile} -e buildenv=$DEPLOY_ENV -e clusterid=$CLUSTER_ID --vault-id=$DEPLOY_ENV@.vaultpass-client.py cluster.yml -e clean=false' + sh 'pipenv run ansible-playbook -u ${sshuser} --private-key=${keyfile} -e buildenv=$DEPLOY_ENV -e clusterid=$CLUSTER_ID --vault-id=$DEPLOY_ENV@.vaultpass-client.py cluster.yml' } } } diff --git a/EXAMPLE/jenkinsfiles/Jenkinsfile_exec_release_deploy b/EXAMPLE/jenkinsfiles/Jenkinsfile_exec_release_deploy index 45240ba8..c4134e53 100644 --- a/EXAMPLE/jenkinsfiles/Jenkinsfile_exec_release_deploy +++ b/EXAMPLE/jenkinsfiles/Jenkinsfile_exec_release_deploy @@ -26,11 +26,12 @@ pipeline { sh 'env' sh 'pipenv install --python /usr/bin/python3' } - } + } stage('ReDeploy Release') { environment { DEPLOY_ENV="${params.DEPLOY_ENV}" - RELEASE ="${params.RELEASE}" + GIT_RELEASE ="${params.RELEASE}" + IAC_RELEASE ="${params.RELEASE.replace('.', '_')}" GIT_TOKEN = credentials("GITHUB_SVC_USER") VAULT_PASSWORD_BUILDENV = credentials("VAULT_PASSWORD_${params.DEPLOY_ENV.toUpperCase()}") CANARY="-e canary=${params.CANARY}" 
@@ -39,14 +40,15 @@ pipeline { steps { script { try { - echo "RELEASE= ${RELEASE}" + echo "GIT_RELEASE= ${GIT_RELEASE}" + echo "IAC_RELEASE= ${IAC_RELEASE}" sh "git remote set-url origin https://${GIT_TOKEN_USR}:${GIT_TOKEN_PSW}@github.com/sky-uk/clusterverse.git" sh 'git fetch --tags' - sh 'git checkout ${RELEASE}' + sh 'git checkout ${GIT_RELEASE}' withCredentials([sshUserPrivateKey(credentialsId: "VTP_${params.DEPLOY_ENV.toUpperCase()}_SSH_KEY", keyFileVariable: 'keyfile', usernameVariable: 'sshuser')]) { sh 'env' sh 'echo "$DEPLOY_ENV: len $(echo -n $VAULT_PASSWORD_BUILDENV | /usr/bin/wc -c) sum $(echo -n $VAULT_PASSWORD_BUILDENV | /usr/bin/sum)"' - sh 'pipenv run ansible-playbook -u ${sshuser} --private-key=${keyfile} -e buildenv=$DEPLOY_ENV -e clusterid=$CLUSTER_ID --vault-id=$DEPLOY_ENV@.vaultpass-client.py redeploy.yml $CANARY $MYHOSTTYPES -e release_version=$RELEASE' + sh 'pipenv run ansible-playbook -u ${sshuser} --private-key=${keyfile} -e buildenv=$DEPLOY_ENV -e clusterid=$CLUSTER_ID --vault-id=$DEPLOY_ENV@.vaultpass-client.py redeploy.yml $CANARY $MYHOSTTYPES -e release_version=$IAC_RELEASE' } } catch (err) { // echo "Failed: ${err} - Version ${broken_version} will be deleted and the previous version will be deployed." @@ -62,7 +64,7 @@ pipeline { // sh 'echo "$DEPLOY_ENV: len $(echo -n $VAULT_PASSWORD_BUILDENV | /usr/bin/wc -c) sum $(echo -n $VAULT_PASSWORD_BUILDENV | /usr/bin/sum) "' // sh 'pipenv run ansible-playbook -u ${sshuser} --private-key=${keyfile} -e buildenv=$DEPLOY_ENV -e clusterid=$CLUSTER_ID --vault-id=$DEPLOY_ENV@.vaultpass-client.py cluster.yml -e clean=_all_ --tags=clusterverse_clean' // } - error "${RELEASE} deployment failed" + error "${GIT_RELEASE} deployment failed" } } } diff --git a/_dependencies/tasks/main.yml b/_dependencies/tasks/main.yml index cd4eed5c..d3b7bf7a 100644 --- a/_dependencies/tasks/main.yml +++ b/_dependencies/tasks/main.yml 
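Review bot: `GIT_RELEASE` and `IAC_RELEASE` are expanded unquoted by the shell in `sh 'git checkout ${GIT_RELEASE}'` and in `-e release_version=$IAC_RELEASE`. Both come straight from `params.RELEASE`; the environment hunk at `@@ -26,11 +26,12 @@` only replaces `.` with `_`. A value containing whitespace is therefore word-split into extra arguments to `git` or `ansible-playbook`, and a value starting with `-` is read as an option. Quote both expansions, `sh 'git checkout "${GIT_RELEASE}"'` and `-e "release_version=$IAC_RELEASE"`, and reject unexpected values before the checkout, e.g. `if (!(params.RELEASE ==~ /[A-Za-z0-9][A-Za-z0-9._-]*/)) { error "invalid RELEASE" }`. The `script`/`try` block these lines sit in starts outside the hunk.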
@@ -2,18 +2,18 @@ - name: Load cluster definitions block: - - name: Load native cluster definitions by forcing include of group_vars on localhost (no inventory yet, so cannot import automatically) - include_vars: { dir: "{{ playbook_dir }}/group_vars/{{ clusterid }}" } - when: - - cluster_vars_format|default('native') == 'native' + - name: Load native cluster definitions by forcing include of group_vars on localhost (no inventory yet, so cannot import automatically) + include_vars: { dir: "{{ playbook_dir }}/group_vars/{{ clusterid }}" } + when: + - cluster_vars_format|default('native') == 'native' - - name: Derive cluster definitions by merging tiered configuration files - merge_vars: + - name: Derive cluster definitions by merging tiered configuration files + merge_vars: ignore_missing_files: True from: "{{ merge_dict_vars_list }}" - when: - - cluster_vars_format|default('native') == 'tiered' - - merge_dict_vars_list is defined and merge_dict_vars_list | length > 0 + when: + - cluster_vars_format|default('native') == 'tiered' + - merge_dict_vars_list is defined and merge_dict_vars_list | length > 0 - name: Preflight check 
@@ -24,5 +24,13 @@ - assert: { that: "clusterid is defined and cluster_vars is defined", msg: "Please define clusterid" } - assert: { that: "buildenv is defined and cluster_vars[buildenv] is defined", msg: "Please define buildenv" } + ## Tags/ labels must be compatible with GCP and AWS - check everything that goes into a label. + - assert: { that: "release_version is regex('^[a-z\\d\\-_]{0,63}$')", msg: "Please ensure release_version ({{release_version}}) is in the set [a-z\\d\\-_], and <63 characters long." } + when: release_version is defined + - assert: { that: "cluster_suffix is regex('^[a-z\\d\\-_]{0,63}$')", msg: "Please ensure cluster_suffix ({{cluster_suffix}}) is in the set[a-z\\d\\-_], and <63 characters long." } + when: cluster_suffix is defined + - assert: { that: "'{%- for label in cluster_vars.custom_tagslabels -%}{% if not cluster_vars.custom_tagslabels[label] is regex('^[a-z\\d\\-_]{0,63}$') %}{{label}}: {{cluster_vars.custom_tagslabels[label]}}{% endif %}{%- endfor -%}' == ''", fail_msg: "Please ensure all cluster_vars.custom_tagslabels are in the set [a-z\\d\\-_], and <63 characters long." } + - assert: { that: "'{%- for hosttype in cluster_vars[buildenv].hosttype_vars -%}{% if ('version' in cluster_vars[buildenv].hosttype_vars[hosttype]) and (not cluster_vars[buildenv].hosttype_vars[hosttype].version is regex('^[a-z\\d\\-_]{0,63}$')) %}{{cluster_vars[buildenv].hosttype_vars[hosttype].version}}{% endif %}{%- endfor -%}' == ''", fail_msg: "Please ensure cluster_vars[{{buildenv}}].hosttype_vars[hosttype].version is in the set [a-z\\d\\-_], and <63 characters long." } + - assert: { that: "(cluster_vars.assign_public_ip == 'yes' and cluster_vars.inventory_ip == 'public') or (cluster_vars.inventory_ip == 'private')", msg: "If inventory_ip=='public', 'assign_public_ip' must be 'yes'" } when: cluster_vars.type == "gce" or cluster_vars.type == "aws" 
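Review bot: The added `custom_tagslabels` assert iterates `cluster_vars.custom_tagslabels` with no `when:` or `default({})`, although the create tasks in this commit treat the variable as optional (`cluster_vars.custom_tagslabels | default({})`), so a cluster definition that leaves it out will probably fail preflight on an undefined variable instead of passing. It also splices the offending label value into a quoted string inside `that:`, so a value containing a `'` alters the expression instead of producing the intended message. A filter-based check avoids both: `that: "cluster_vars.custom_tagslabels | default({}) | dict2items | rejectattr('value', 'match', '^[a-z\\d\\-_]{0,63}$') | list | length == 0"`. Label keys are not checked at all, and the messages say "<63 characters" while `{0,63}` accepts 63. The enclosing "Preflight check" block starts outside the hunk.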
diff --git a/cluster_hosts/tasks/get_cluster_hosts_state.yml b/cluster_hosts/tasks/get_cluster_hosts_state.yml index a62c7992..a704121f 100644 --- a/cluster_hosts/tasks/get_cluster_hosts_state.yml +++ b/cluster_hosts/tasks/get_cluster_hosts_state.yml @@ -89,6 +89,8 @@ - name: get_cluster_hosts_state | cluster_hosts_state debug: msg="{{cluster_hosts_state}}" + delegate_to: localhost + run_once: true when: cluster_hosts_state is defined #- pause: \ No newline at end of file diff --git a/create/tasks/aws.yml b/create/tasks/aws.yml index 98fed535..e779dc28 100644 --- a/create/tasks/aws.yml +++ b/create/tasks/aws.yml 
@@ -33,21 +33,24 @@ assign_public_ip: "{{cluster_vars.assign_public_ip}}" group: "{{ cluster_vars.secgroups_existing }} {%- if cluster_vars.secgroup_new | length > 0 -%} + {{ ([r__ec2_group.group_name | default()] | default())}} {%- endif -%}" wait: yes - instance_tags: + instance_tags: "{{ _instance_tags | combine(cluster_vars.custom_tagslabels | default({})) }}" + termination_protection: "{{cluster_vars[buildenv].termination_protection}}" + volumes: "{{ item.auto_volumes | default([]) }}" + count_tag: Name: "{{item.hostname}}" + exact_count: 1 + vars: + _instance_tags: + Name: "{{item.hostname}}" + inv_node_version: "{{cluster_vars[buildenv].hosttype_vars[item.hosttype].version | default(omit)}}" + inv_node_type: "{{item.hosttype}}" hosttype: "{{item.hosttype}}" - env: "{{buildenv}}" cluster_name: "{{cluster_name}}" cluster_suffix: "{{cluster_suffix}}" - owner: "{{ lookup('env','USER')| lower }}" - maintenance_mode: "{%- if prometheus_set_unset_maintenance_mode|bool -%}true{%- else -%}false{%- endif -%}" + owner: "{{ lookup('env','USER') | lower }}" + maintenance_mode: "true" release: "{{ release_version }}" lifecycle_state: "current" - termination_protection: "{{cluster_vars[buildenv].termination_protection}}" - volumes: "{{ item.auto_volumes | default([]) }}" - count_tag: - Name: "{{item.hostname}}" - exact_count: 1 with_items: "{{cluster_hosts_target}}" async: 7200 poll: 0 diff --git a/create/tasks/gce.yml b/create/tasks/gce.yml index 60e3102c..459620bf 100644 --- a/create/tasks/gce.yml +++ b/create/tasks/gce.yml 
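Review bot: `instance_tags: "{{ _instance_tags | combine(cluster_vars.custom_tagslabels | default({})) }}"` gives the custom map precedence, so a `custom_tagslabels` entry named `Name`, `lifecycle_state`, `release`, `cluster_name` or `maintenance_mode` silently replaces the tag the role sets itself. `Name` is also the `count_tag` used with `exact_count: 1` in this task, so overriding it would break the instance count match. Reversing the merge keeps the role's tags authoritative: `instance_tags: "{{ cluster_vars.custom_tagslabels | default({}) | combine(_instance_tags) }}"`. The same applies to `labels: "{{ _labels | combine(...) }}"` in the create/tasks/gce.yml hunk at `@@ -85,15 +85,7 @@`. The task this hunk edits starts outside the hunk.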
@@ -85,15 +85,7 @@ metadata: startup-script: "{%- if cluster_vars.ssh_guard_whitelist is defined and cluster_vars.ssh_guard_whitelist | length > 0 -%}#! /bin/bash\n\n#Whitelist my inbound IPs\n[ -f /etc/sshguard/whitelist ] && echo \"{{cluster_vars.ssh_guard_whitelist | join ('\n')}}\" >>/etc/sshguard/whitelist && /bin/systemctl restart sshguard{%- endif -%}" ssh-keys: "{{ cliargs.remote_user }}:{{ r__gcp_ssh_pubkey.stdout }} {{ cliargs.remote_user }}" - labels: - hosttype: "{{item.hosttype}}" - env: "{{buildenv}}" - cluster_name: "{{cluster_name}}" - cluster_suffix: "{{cluster_suffix}}" - owner: "{{ lookup('env','USER')| lower }}" - maintenance_mode: "true" - release: "{{ release_version }}" - lifecycle_state: "current" + labels: "{{ _labels | combine(cluster_vars.custom_tagslabels | default({})) }}" network_interfaces: - network: "{{ r__gcp_compute_network_info['resources'][0] | default({}) }}" subnetwork: "{{ gcp_compute_subnetwork_info['resources'][0] | default({}) }}" 
@@ -108,6 +100,16 @@ _autodisks: "{{__autodisksnames | to_json | from_json | json_query(\" [].{auto_delete: auto_delete, interface: interface, device_name: join('',[`\"+item.hostname+\"--`,mountname]), initialize_params: {disk_name: join('',[`\"+item.hostname+\"--`,mountname]), disk_size_gb: volume_size}} \") }}" _bootdisk: {auto_delete: true, boot: true, device_name: "{{ item.hostname }}--boot", initialize_params: {source_image: "{{cluster_vars.image}}", disk_name: "{{ item.hostname }}--boot", disk_size_gb: "{{item.rootvol_size}}"}} _host_disks: "{{[_bootdisk] + _autodisks}}" + _labels: + inv_node_version: "{{cluster_vars[buildenv].hosttype_vars[item.hosttype].version | default(omit)}}" + inv_node_type: "{{item.hosttype}}" + hosttype: "{{item.hosttype}}" + cluster_name: "{{cluster_name}}" + cluster_suffix: "{{cluster_suffix}}" + owner: "{{ lookup('env','USER') | lower }}" + maintenance_mode: "true" + release: "{{ release_version }}" + lifecycle_state: "current" register: gcp_compute_instance with_items: "{{cluster_hosts_target}}" async: 7200