-
Notifications
You must be signed in to change notification settings - Fork 0
218 lines (196 loc) · 6.58 KB
/
deploy_network.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
name: Deploy with Ansible
on:
push:
branches:
- main
env:
ANSIBLE_USER: ${{ secrets.ANSIBLE_USER }}
ANSIBLE_PASSWORD: ${{ secrets.ANSIBLE_PASSWORD }}
GF_SECURITY_ADMIN_USER: ${{ secrets.GF_SECURITY_ADMIN_USER }}
GF_SECURITY_ADMIN_PASSWORD: ${{ secrets.GF_SECURITY_ADMIN_PASSWORD }}
SNMP_PASSWORD: ${{ secrets.SNMP_PASSWORD }}
EMAIL_PASSWORD: ${{ secrets.EMAIL_PASSWORD }}
permissions:
contents: read
jobs:
#Job Build Monitor
build_monitor:
name: Build Monitor
runs-on: self-hosted
environment: production
if: contains(github.event.head_commit.message, 'monitor')
steps:
#Checkout the code
- name: Checkout
uses: actions/checkout@v3
# Install Docker
- name: Install Docker
run: |
sudo apt update
sudo apt install apt-transport-https ca-certificates curl software-properties-common -y
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
sudo apt install docker-ce -y
sudo usermod -aG docker ${USER}
# Install Trivy
- name: Install Trivy
run: |
sudo apt update
wget https://github.com/aquasecurity/trivy/releases/download/v0.57.1/trivy_0.57.1_Linux-64bit.deb
sudo dpkg -i trivy_0.57.1_Linux-64bit.deb
# Build Image
- name: Build Docker Images
run: |
cd Monitoring
sudo docker compose build
# Job test trivy
test_trivy:
name: Test Trivy
runs-on: self-hosted
environment: production
needs: build_monitor
steps:
#Checkout the code
- name: Checkout
uses: actions/checkout@v3
#Trivy scan
- name: Trivy scan
run: |
pwd
sudo echo "" >> ../../trivy-report.txt
sudo docker images -q | xargs -n 1 -I {} trivy image {} --severity CRITICAL,HIGH --exit-code 0 >> ../../trivy-report.txt
#Job monitor
deploy_monitor:
name: Deploy Monitor
runs-on: self-hosted
environment: production
needs: test_trivy
steps:
#Checkout the code
- name: Checkout
uses: actions/checkout@v3
# Set Grafana secrets in .grafana.secret
- name: Set Grafana secrets in .grafana.secret
run: |
cd Monitoring
echo "GF_SECURITY_ADMIN_USER=${{ secrets.GF_SECURITY_ADMIN_USER }}" > .grafana.secret
echo "GF_SECURITY_ADMIN_PASSWORD=${{ secrets.GF_SECURITY_ADMIN_PASSWORD }}" >> .grafana.secret
# Install Monitoring Server
- name: Install Monitoring Server
env:
SNMP_PASSWORD: ${{ secrets.SNMP_PASSWORD }}
EMAIL_PASSWORD: ${{ secrets.EMAIL_PASSWORD }}
run: |
cd Monitoring
sudo docker compose up -d
sudo docker compose start
cd snmp-exporter
sudo docker run --rm -v $(pwd)/mibs:/opt/mibs -v $(pwd)/generator.yml:/opt/generator.yml -v $(pwd):/opt prom/snmp-generator:main generate
cd ..
sudo docker compose restart
#Job Build Network
build_network:
name: Build Network
runs-on: self-hosted
environment: production
if: contains(github.event.head_commit.message, 'network')
steps:
#Checkout the code
- name: Checkout
uses: actions/checkout@v3
# Install Ansible
- name: Install Ansible
run: |
sudo apt update
sudo apt install -y ansible
# Install python and modules
- name: Install Modules
run: |
sudo apt install python3 python3-pip -y
pip3 install paramiko --no-input
sudo pip3 install ansible-lint
sudo pip3 install --upgrade ansible
sudo pip3 install --upgrade ansible-core
sudo pip3 install ansible-pylibssh
sudo pip3 install molecule molecule-plugins molecule-docker
#Job Lint
lint:
name: Test Lint
runs-on: self-hosted
needs: build_network
environment: production
steps:
#Checkout the code
- name: Checkout
uses: actions/checkout@v3
# Get commit message
- name: Get Commit Message
id: commit_message
run: |
echo "COMMIT_MSG=$(git log -1 --pretty=format:'%s')" >> $GITHUB_ENV
# Run ansible-lint
- name: Run ansible-lint
run: |
cd Network/molecule/default
ansible-lint --fix converge.yml
ansible-lint --fix molecule.yml
ansible-lint --fix verify.yml
if [[ "${{ env.COMMIT_MSG }}" == *"all devices"* ]]; then
ansible-lint --fix playbook_all.yml
elif [[ "${{ env.COMMIT_MSG }}" == *"ISP"* ]]; then
ansible-lint --fix playbook_ISP.yml
elif [[ "${{ env.COMMIT_MSG }}" == *"CORE"* ]]; then
ansible-lint --fix playbook_CORE.yml
elif [[ "${{ env.COMMIT_MSG }}" == *"DIST"* ]]; then
ansible-lint --fix playbook_DIST.yml
elif [[ "${{ env.COMMIT_MSG }}" == *"ACC"* ]]; then
ansible-lint --fix playbook_ACC.yml
else
echo "No matching playbook found for commit message: ${{ env.COMMIT_MSG }}"
fi
#Job Test
molecule_test:
name: Test Molecule
runs-on: self-hosted
needs: lint
environment: production
steps:
# Checkout the code
- name: Checkout
uses: actions/checkout@v3
# Run Molecule test
- name: Run Molecule test
run: |
cd Network/
molecule test
# Job Deploy
deploy_network:
name: Deploy Network
runs-on: self-hosted
needs: molecule_test
steps:
# Checkout code from repository
- name: Checkout repository
uses: actions/checkout@v3
# Get commit message
- name: Get Commit Message
id: commit_message
run: |
echo "COMMIT_MSG=$(git log -1 --pretty=format:'%s')" >> $GITHUB_ENV
# Run Ansible Playbook based on commit message
- name: Run Ansible Playbook
run: |
cd Network/molecule/default
if [[ "${{ env.COMMIT_MSG }}" == *"all devices"* ]]; then
ansible-playbook -i inventory.ini playbook_all.yml
elif [[ "${{ env.COMMIT_MSG }}" == *"ISP"* ]]; then
ansible-playbook -i inventory.ini playbook_ISP.yml
elif [[ "${{ env.COMMIT_MSG }}" == *"CORE"* ]]; then
ansible-playbook -i inventory.ini playbook_CORE.yml
elif [[ "${{ env.COMMIT_MSG }}" == *"DIST"* ]]; then
ansible-playbook -i inventory.ini playbook_DIST.yml
elif [[ "${{ env.COMMIT_MSG }}" == *"ACC"* ]]; then
ansible-playbook -i inventory.ini playbook_ACC.yml
else
echo "No matching playbook found for commit message: ${{ env.COMMIT_MSG }}"
fi