RFC: Deployments via Ansible (!2448) · Merge requests · GitLab.org / gitaly

Patrick Steinhardt requested to merge pks-ansible-deployments into master Aug 06, 2020

With configuration via Ansible being possible, I thought it may be nice to also enable deploying Terraform via Ansible. I've thus created a "quick" hack to show how that would look like, and by using the "terraform" Ansible module it was in fact quite easy to implement.

So how does it look like from a user perspective?

$ ansible-playbook ./deploy.yml
PLAY [Terraform deployment] *******************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************
ok: [localhost]

TASK [deploy : terraform.tfvars] **************************************************************************************************************************
ok: [localhost]

TASK [deploy] *********************************************************************************************************************************************
ok: [localhost]

TASK [deploy : add gitalies] ******************************************************************************************************************************
changed: [localhost] => (item=pks-tx-gitaly-1)
changed: [localhost] => (item=pks-tx-gitaly-2)
changed: [localhost] => (item=pks-tx-gitaly-3)

TASK [deploy : add praefects] *****************************************************************************************************************************
changed: [localhost] => (item=pks-tx-praefect-1)
changed: [localhost] => (item=pks-tx-praefect-2)
changed: [localhost] => (item=pks-tx-praefect-3)

TASK [deploy : add gitlab] ********************************************************************************************************************************
changed: [localhost]

TASK [deploy : add loadbalancer] **************************************************************************************************************************
changed: [localhost]

TASK [deploy : add database] ******************************************************************************************************************************
changed: [localhost]

PLAY [Gitaly setup] ***************************************************************************************************************************************

TASK [gitaly : /etc/gitlab/gitlab.rb] *********************************************************************************************************************
ok: [34.86.132.127]
ok: [35.194.92.18]
ok: [35.188.253.69]

PLAY [Praefect setup] *************************************************************************************************************************************

TASK [praefect : /etc/gitlab/gitlab.rb] *******************************************************************************************************************
ok: [35.199.51.66]
ok: [35.245.127.77]
ok: [35.245.252.164]

PLAY [GitLab Application server setup] ********************************************************************************************************************

TASK [/etc/gitlab/gitlab.rb] ******************************************************************************************************************************
ok: [35.245.185.70]

TASK [gitlab : Set Grafana password] **********************************************************************************************************************
changed: [35.245.185.70]

PLAY RECAP ************************************************************************************************************************************************
34.86.132.127              : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
35.188.253.69              : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
35.194.92.18               : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
35.199.51.66               : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
35.245.127.77              : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
35.245.185.70              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
35.245.252.164             : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
localhost                  : ok=8    changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

The playbook is idempotent, so you can re-run it whenever one of your configuration files changes. It will notice the cluster's been deployed already and not re-do all the work, copying over only the changed configuration files, restarting services as required and running tests.

So this works. But the main downside is that it's not as observable as it has been before. Previously, you'd first have seen a deployment plan before typing "yes". Also, right now it doesn't query for any information but simply uses what's there in group_vars/all (this can be changed to prompt, though).

@gl-gitaly So do we want playbook like this? Is it too much magic? Does anybody even read deployment plans?

RFC: Deployments via Ansible

Merge request reports