Add GitLab based Kayobe-Automation #1471
Open
+340
−5
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit adds the required collections and roles for GitLab CI to the `etc/kayobe/ansible/requirements.yml` file. Note: this will need changing before merging but is required until the roles and collections been merged and released.
Includes steps for deploying GitLab runners, generating pipelines and deploying OpenBao for secret management.
product-auto-label
bot
added
size: l
ansible
jackhodgkiss
force-pushed
the
add-gitlab-kayobe-automation
branch
from
e1e5994 to
9a301fb
Compare
jackhodgkiss
force-pushed
the
add-gitlab-kayobe-automation
branch
from
9a301fb to
8e675b7
Compare
jackhodgkiss
force-pushed
the
add-gitlab-kayobe-automation
branch
from
8e675b7 to
ff8d471
Compare
Alex-Welsh
reviewed
Jan 23, 2025
There was a problem hiding this comment.
In general, the inline code formatting is a bit weird in this file. Normally we use double backticks: ``code``. This file seems to mix single backticks (which don't render correctly), double backticks, and the :code: directive. Personally I think we should switch everything to double backticks. The existing text is outside the scope of this PR but can we try to stick to the convention for the new parts?
Comment on lines
+8
to
18
| The CI/CD system developed for managing Kayobe based OpenStack clouds is composed of four main components; workflows, runners, OpenBao and kayobe automation. | ||
| Firstly, the workflows are files which describe a series of tasks to be performed in relation to the deployed cloud. | ||
| These workflows are executed on request, on schedule or in response to an event such as a pull request being opened. | ||
| The workflows are designed to carry out various day-to-day activites such as; running Tempest tests, configuring running services or displaying the change to configuration files if a pull request is merged. | ||
| Secondly, in order for the workflows to run against a cloud we would need private runners present within the cloud positioned in such a way they can reach the internal network and public API. | ||
| Deployment of private runners is supported by all major providers with the use of community developed Ansible roles. | ||
| Thirdly, OpenBao is used to store secrets on the same virtual machine the runners are hosted within. | ||
| This provides a secure way of storing secrets and variables which can be accessed by the runners when executing workflows and ensures that secrets never have to leave the cloud. | ||
| Finally, due to the requirement that we support various different platforms tooling in the form of `Kayobe automation <https://github.com/stackhpc/kayobe-automation/>`__ was developed. | ||
| This tooling is not tied to any single CI/CD platform as all tasks are a series of shell script and Ansible playbooks which are designed to run in a purpose build kayobe container. | ||
| This is complemented by the use of an Ansible collection known as `stackhpc.kayobe_workflows <https://github.com/stackhpc/ansible-collection-kayobe-workflows/>`__ which aims to provide users with a quick and easy way of customising all workflows to fit within a customer's cloud. |
There was a problem hiding this comment.
Could you add newlines between lines just to add some spacing? At the moment it renders as a pretty big block of text which makes it harder to parse.
| .. note:: | ||
|
|
||
| The following steps are an example and should be adapted to suit your deployment. | ||
| For example project_id within the gitlab role will need ID of the project that the runners are registered against. |
There was a problem hiding this comment.
Suggested change
| For example project_id within the gitlab role will need ID of the project that the runners are registered against. | |
| For example project_id within the gitlab role will need the ID of the project that the runners are registered against. |
| EOF | ||
| bao write auth/jwt/config \ | ||
| jwks_url="https://gitlab.example.com/oauth/discovery/keys" \ | ||
| bound_issuer="https://gitlab.example.com" \ |
There was a problem hiding this comment.
There's a trailing backslash here. has this command been cut off prematurely?
|
|
||
| - Disable Auto DevOps in the GitLab project settings by visiting the project -> Settings -> CI/CD -> Auto DevOps -> Disable Auto DevOps | ||
|
|
||
| Sometimes the kayobe docker image must be rebuilt the reasons for this include but are not limited to the following; |
There was a problem hiding this comment.
Suggested change
| Sometimes the kayobe docker image must be rebuilt the reasons for this include but are not limited to the following; | |
| Sometimes the kayobe docker image must be rebuilt. The reasons for this include but are not limited to the following; |
| @@ -87,6 +93,7 @@ network | |||
| monitoring | |||
| storage | |||
| compute | |||
| infra-vms | |||
There was a problem hiding this comment.
This could be a breaking change on some systems. Could we instead just add gitlab-runners and github-runners?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support for GitLab based kayobe-automation complete with OpenBao for secret managment.