a7e332f9ec
Added 2 phases: 1. secret-reencrypt - This phase can be used to reecnrypt the existing secrets with new key. To do so SOPS_IMPORT_PGP must contain old public key and new private key (but may also include other data). SOPS_PGP_FP must contain fingerprint of new private key. 2. secret-show - This phase may be useful for some users that need to see what generated by secret-generate phase. Disabled SOPS debug by default. To enable it back run commands with env variable DEBUG_SOPS_GPG=true Change-Id: Id7fe13d6943d386577df25dba4aaa83e62e58980
57 lines
2.6 KiB
YAML
57 lines
2.6 KiB
YAML
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- hosts: primary
|
|
vars_files:
|
|
- vars/test-config.yaml
|
|
environment:
|
|
SOPS_IMPORT_PGP: "{{ airship_config_pgp }}"
|
|
SOPS_PGP_FP_ENCRYPT: "{{ airship_config_pgp_fp1 }}"
|
|
SOPS_PGP_FP_REENCRYPT: "{{ airship_config_pgp_fp2 }}"
|
|
AZURE_SUBSCRIPTION_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc3Vic2NyaXB0aW9uIGlkIGhlcmUK"
|
|
AZURE_TENANT_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgdGVuYW50IGlkIGhlcmUK"
|
|
AZURE_CLIENT_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc2VydmljZSBwcmluY2lwYWwgaWQgaGVyZQo="
|
|
AZURE_CLIENT_SECRET_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc2VydmljZSBwcmluY2lwYWwgc2VjcmV0IGhlcmUK"
|
|
AZURE_ENVIRONMENT: "AzurePublicCloud"
|
|
GCP_CONTROL_PLANE_MACHINE_TYPE: "bjEtc3RhbmRhcmQtNA=="
|
|
GCP_NODE_MACHINE_TYPE: "bjEtc3RhbmRhcmQtNA=="
|
|
GCP_PROJECT: "bjEtc3RhbmRhcmQtNA=="
|
|
GCP_REGION: "dXMtd2VzdDE="
|
|
GCP_NETWORK_NAME: "ZGVmYXVsdA=="
|
|
GCP_B64ENCODED_CREDENTIALS: "bjEtc3RhbmRhcmQtNA=="
|
|
tasks:
|
|
- name: "set default gate scripts"
|
|
set_fact:
|
|
gate_scripts_default:
|
|
- ./tools/deployment/01_install_kubectl.sh
|
|
- ./tools/deployment/21_systemwide_executable.sh
|
|
- ./tools/deployment/22_test_configs.sh
|
|
- ./tools/deployment/23_pull_documents.sh
|
|
- ./tools/deployment/23_generate_secrets.sh
|
|
- ./tools/deployment/24_build_images.sh
|
|
- ./tools/deployment/25_deploy_ephemeral_node.sh
|
|
- ./tools/deployment/26_deploy_capi_ephemeral_node.sh
|
|
- ./tools/deployment/30_deploy_controlplane.sh
|
|
- ./tools/deployment/31_deploy_initinfra_target_node.sh
|
|
- ./tools/deployment/32_cluster_init_target_node.sh
|
|
- ./tools/deployment/33_cluster_move_target_node.sh
|
|
- ./tools/deployment/34_deploy_worker_node.sh
|
|
- ./tools/deployment/35_deploy_workload.sh
|
|
- ./tools/deployment/36_verify_hwcc_profiles.sh
|
|
|
|
- name: "Run gate scripts"
|
|
include_role:
|
|
name: airshipctl-run-script
|
|
vars:
|
|
gate_script_path: "{{ item }}"
|
|
with_items: "{{ gate_scripts | default(gate_scripts_default) }}"
|