Skip to content

Redploy ML102

Redploy ML102 #8

Workflow file for this run

name: Redploy ML102
on:
workflow_dispatch:
jobs:
redeploy_ml102:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
runs-on: ubuntu-22.04
env:
OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
OS_APPLICATION_CREDENTIAL_NAME: ${{ secrets.OS_APPLICATION_CREDENTIAL_NAME }}
OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }}
AWS_ROUTE53_KEY_ID: ${{ secrets.AWS_ROUTE53_KEY_ID }}
AWS_ROUTE53_SECRET_KEY: ${{ secrets.AWS_ROUTE53_SECRET_KEY }}
TF_VAR_key_pair: ${{ secrets.KEY_PAIR_NAME }}
TF_VAR_extra_public_keys: '${{ vars.EXTRA_PUBLIC_KEYS }}'
TF_VAR_vm_user: ubuntu
steps:
- uses: actions/checkout@v3
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: "1.6.3"
terraform_wrapper: false
- run: python --version
- name: Write private key file
run: |
import os
with open(os.environ['TF_VAR_key_file'], 'w') as fh:
fh.write(os.environ['PRIVATE_KEY_CONTENT'])
shell: python
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
PRIVATE_KEY_CONTENT: ${{ secrets.PRIVATE_KEY_CONTENT }}
- run: chmod 400 ${TF_VAR_key_file}
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
- name: Write clouds.yaml to temp dir
run: |
import os
with open(os.environ['CLOUDS_YAML_FILE'], 'w') as fh:
fh.write(os.environ['CLOUDS_YAML_CONTENT'])
shell: python
env:
CLOUDS_YAML_CONTENT: "${{ secrets.CLOUDS_YAML }}"
CLOUDS_YAML_FILE: "${{ runner.temp }}/clouds.yaml"
- name: Link clouds.yaml
run: |
mkdir -p ~/.config/openstack
ln -s ${CLOUDS_YAML_FILE} ~/.config/openstack/clouds.yaml
env:
CLOUDS_YAML_FILE: "${{ runner.temp }}/clouds.yaml"
- run: echo "GITHUB_REF = $GITHUB_REF"
- run: echo "GITHUB_REF_NAME = $GITHUB_REF_NAME"
- run: echo "GITHUB_HEAD_REF = $GITHUB_HEAD_REF"
- run: echo "GITHUB_BASE_REF = $GITHUB_BASE_REF"
- run: echo "GITHUB_EVENT_NAME = $GITHUB_EVENT_NAME"
- name: Write ansible config file to temp dir
run: |
cp ondemand-config.yml.example ${ONDEMAND_CONFIG_FILE}
sed -i'' "s/CHANGEME_KEYCLOAK_ADMIN_PASSWORD/$KEYCLOAK_ADMIN_PASSWORD/" ${ONDEMAND_CONFIG_FILE}
sed -i'' "s/CHANGEME_LDAP_ADMIN_PASSWORD/$LDAP_ADMIN_PASSWORD/" ${ONDEMAND_CONFIG_FILE}
sed -i'' "s/CHANGEME_OIDC_CRYPTO_PASSPHRASE/$OIDC_CRYPTO_PASSPHRASE/" ${ONDEMAND_CONFIG_FILE}
sed -i'' "s/CHANGEME_OPENSTACK_SSH_KEY_NAME/$KEY_PAIR_NAME/" ${ONDEMAND_CONFIG_FILE}
working-directory: vars
env:
KEYCLOAK_ADMIN_PASSWORD: '${{ secrets.KEYCLOAK_ADMIN_PASSWORD }}'
LDAP_ADMIN_PASSWORD: '${{ secrets.LDAP_ADMIN_PASSWORD }}'
OIDC_CRYPTO_PASSPHRASE: '${{ secrets.OIDC_CRYPTO_PASSPHRASE }}'
KEY_PAIR_NAME: '${{ secrets.KEY_PAIR_NAME }}'
ONDEMAND_CONFIG_FILE: '${{ runner.temp }}/ondemand-config.yml'
- name: Link ondemand config
run: |
ln -s ${ONDEMAND_CONFIG_FILE} ondemand-config.yml
working-directory: vars
env:
ONDEMAND_CONFIG_FILE: '${{ runner.temp }}/ondemand-config.yml'
- name: Install ansible dependencies
run: ansible-galaxy install -r requirements.yml
- name: Terraform initialise
run: terraform init -input=false
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
working-directory: terraform
- name: Switch terraform workspace (making sure it exists)
run: terraform workspace select -or-create=true ${GITHUB_BASE_REF:-$GITHUB_REF_NAME}
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
working-directory: terraform
- name: Install required Python library (botocore and boto3)
run: |
pip install botocore
pip install boto3
working-directory: terraform
- name: Ensure infrastructure is setup
run: ansible-playbook setup-infra.yml -e operation=create -e terraform_workspace="${GITHUB_BASE_REF:-$GITHUB_REF_NAME}"
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
ANSIBLE_HOST_KEY_CHECKING: "False"
CLOUDS_YAML_BASE64: "${{ secrets.CLOUDS_YAML_BASE64 }}"
KUBE_CONFIG_BASE64: "${{ secrets.KUBE_CONFIG_BASE64 }}"
WILD_CERT_BASE64: "${{ secrets.WILD_CERT_BASE64 }}"
WILD_CERT_KEY_BASE64: "${{ secrets.WILD_CERT_KEY_BASE64 }}"
- name: Redeploy ML102
run: ansible-playbook -i host.ini redeploy-ml102.yml -u "${TF_VAR_vm_user}" --key-file '${TF_VAR_key_file}' -e terraform_workspace="${GITHUB_BASE_REF:-$GITHUB_REF_NAME}"
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
ANSIBLE_HOST_KEY_CHECKING: "False"
CLOUDS_YAML_BASE64: "${{ secrets.CLOUDS_YAML_BASE64 }}"
KUBE_CONFIG_BASE64: "${{ secrets.KUBE_CONFIG_BASE64 }}"
WILD_CERT_BASE64: "${{ secrets.WILD_CERT_BASE64 }}"
WILD_CERT_KEY_BASE64: "${{ secrets.WILD_CERT_KEY_BASE64 }}"