1

I am in the process of migrating our Ansible files to our internal GitLab server and have some confusion about the various ways to keep the Ansible roles directory in sync with the GitLab project. The end goal is to have my team add/edit files via the Web IDE on GitLab, commit the changes and have those changes pushed to the Ansible (AWX) server. This way the Windows folks on the team do not have to log into a command line and run a pull. I can think of a few different ways to accomplish this but have some confusion about different GitLab features.

1) I have been looking at repo mirroring, specifically push mirror on GitLab. It looks like for this to work it needs to be a bare repo. When I create a bare repo on the Ansible server I do not see a repo.git file to include in the URL. It doesn't sound like this is what mirroring is intended for, but I am wondering if it's a viable solution.

2) Web hooks: I have been looking at the post-receive web hook but do not understand how to apply it. The server is running AWX (Ansible Web GUI) and I prefer not to set up another web server to listen for web hooks. Unless I am misunderstanding how web hooks work.

3) Cron - Set up a cronjob to pull every minute. I know this will work but it's hacky at best. I would prefer to use git tools and features if possible.

I understand the risk of automatically pushing to production, although in this case we are not running critical operations on AWX so the risk is low. Am I on the right track with any of these?

2 Answers

1

Take a look at GitLab's CI/CD functions; those are the intended way to run multiple scripted actions after every change to the repository (i.e. every git push or every commit by the Web IDE).

A simple CI pipeline could run something like ansible-lint as a syntax check, and then do an scp to the AWX server.

The first-time setup might seem quite complicated because you have to set up a GitLab Runner, which is the component to actually execute your CI scripts. For your use case just install the runner on your GitLab server/VM.

mschuett
  • Thanks! I found https://serverfault.com/questions/780429/gitlab-ci-deploy-via-ssh-to-remote-server for reference. Both the runner VM and the destination VM have sshpass installed.

    ```
    Running with gitlab-runner 11.4.2 (cf91d5e1)
      on Server.MyCompanyDomain.com 60a63d36
    Using Shell executor...
    Running on Server.MyCompanyDomain.com...
    Cloning repository...
    Cloning into '/home/gitlab-runner/builds/60a63d36/0/awx/roles'...
    Checking out 6589a212 as master...
    Skipping Git submodules setup
    $ sshpass -V
    bash: line 66: sshpass: command not found
    ERROR: Job failed: exit status 1
    ```

    – Edyoucaterself Nov 14 '18 at 13:27
  • Fixed this error by installing sshpass on the VM running gitlab-runner. – Edyoucaterself Nov 14 '18 at 13:36
  • Just wanted to update with my working solution, thanks again. Sorry I cannot figure out the formatting.

    ```yaml
    push_to_awx:
      stage: deploy
      environment: Production
      only:
        - master
      script:
        - sshpass -V
        - export SSHPASS=$USER_PASS
        - sshpass -e rsync -avz --exclude .git . awx@lxansazan901s:/var/lib/awx/roles_test
    ```

    – Edyoucaterself Nov 19 '18 at 14:48
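
The pipeline this answer describes (ansible-lint as a check, then a copy to the AWX server), written out as an added example that is not part of the original answer or its comments. It authenticates with an SSH deploy key and a pinned host key instead of a password handed to sshpass. `AWX_DEPLOY_KEY` and `AWX_KNOWN_HOSTS` are assumed names for File-type CI/CD variables (this needs a GitLab version that supports them), and ansible-lint is assumed to be installed on the runner.

```yaml
# Added example .gitlab-ci.yml, not the poster's or the project's own file.
# AWX_DEPLOY_KEY and AWX_KNOWN_HOSTS are assumed names for File-type CI/CD
# variables: GitLab writes each value to a temporary file outside the
# checkout and sets the variable to that file's path.
stages:
  - lint
  - deploy

lint_roles:
  stage: lint
  script:
    # Assumes ansible-lint is installed on the runner; with no arguments,
    # recent versions lint the content found in the checkout.
    - ansible-lint

push_to_awx:
  # Stages run in order, so this job only starts if lint_roles succeeded.
  stage: deploy
  environment: Production
  only:
    - master
  script:
    # ssh refuses private keys that other users can read.
    - chmod 400 "$AWX_DEPLOY_KEY"
    # BatchMode: fail instead of prompting for a password.
    # IdentitiesOnly: offer only the deploy key.
    # StrictHostKeyChecking + UserKnownHostsFile: connect only if the server
    # presents the host key stored in AWX_KNOWN_HOSTS.
    - >-
      rsync -avz --exclude .git
      -e "ssh -i $AWX_DEPLOY_KEY -o BatchMode=yes -o IdentitiesOnly=yes
      -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$AWX_KNOWN_HOSTS"
      . awx@lxansazan901s:/var/lib/awx/roles_test
```

The matching public key goes into the `awx` user's `authorized_keys` on the AWX server, and `AWX_KNOWN_HOSTS` holds that server's host key line, checked against the server itself before it is stored.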
0

You can also consider ansible-pull, which runs on the target host (such as via cron) and checks the repo for changes, and proceeds to run the playbook if the repo has been updated.

ANSIBLE-PULL(1)         System administration commands         ANSIBLE-PULL(1)

NAME
       ansible-pull  -  pulls  playbooks from a VCS repo and executes them for
       the local host

SYNOPSIS
       ansible-pull -U <repository> [options] [<playbook.yml>]

DESCRIPTION
       is used to up a remote copy of ansible on each managed node,  each  set
       to  run  via  cron  and update playbook source via a source repository.
       This inverts the default push  architecture  of  ansible  into  a  pull
       architecture, which has near-limitless scaling potential.

       The  setup  playbook can be tuned to change the cron frequency, logging
       locations, and parameters to ansible-pull.  This  is  useful  both  for
       extreme  scale-out  as  well  as  periodic  remediation.   Usage of the
       'fetch' module to retrieve logs from  ansible-pull  runs  would  be  an
       excellent way to gather and analyze remote logs from ansible-pull.
guzzijason