11/05/2019 - ANSIBLE, DOCKER, JENKINS
Bu örneğimizde Jenkins pipeline hattında Ansible kullanarak Ansible Vault ile şifrelenen gizli bilgilerin uzaktaki sunucuya iletimini yapacağız.
Öncelikle mini isminde bir uygulama klasörü yaratacağız ve vault ile şifrelenen gizli dosyaları tutacağız.
jenkins@server:~$ mkdir -p ~/app-secrets/mini
Aynı anda şifrelemek üzere .env dosyasını yaratın.
jenkins@server:~$ ansible-vault create ~/app-secrets/mini/.env
New Vault password: # type secret here (vault)
Confirm New Vault password: # type secret here again (vault)
# Place this into the editor and save it
DB_USER=inanzzz
DB_PASS=123123
Şifrelemeyi doğrulayalım.
jenkins@server:~$ cat ~/app-secrets/mini/.env
$ANSIBLE_VAULT;1.1;AES256
30343063633063643337346233353332323433653736653437316139626438653936393137393735
6436623965666331333331646563386365383363656464310a326162336565356439623037353934
38656438393562623636666638396438623165323464303762336162616338376133636536323465
6337623135396536610a373333323936376230376534366630383536656234356663656165386130
65613434386632346631663937333965373137393666643637323331343661613362
"Ansible" Jenkins ekini ekleyin ve "Secret text" seçeneği ile yeni bir "Credential" girdisi yaratın. Değer olarak vault, ID olarak AnsibleVault kullanıp kaydedin.
└── cicd
├── merge
│ └── develop
│ └── Jenkinsfile
└── provision
└── stag
├── hosts.yml
└── site.yml
pipeline {
agent any
options {
skipDefaultCheckout(true)
}
stages {
stage('Git') {
steps {
echo '> Checking out the Git version control ...'
checkout scm
}
}
stage('Deploy') {
steps {
echo '> Deploying the application ...'
ansiblePlaybook(
vaultCredentialsId: 'AnsibleVault',
inventory: 'cicd/provision/stag/hosts.yml',
playbook: 'cicd/provision/stag/site.yml'
)
}
}
}
}
all:
hosts:
staging:
ansible_connection: ssh
ansible_user: vagrant
ansible_host: 192.168.99.30
ansible_port: 22
---
- name: Deploy the application secrets to the "staging" server
hosts: staging
remote_user: vagrant
become: yes
tasks:
- name: Create the application directory
file:
path: /home/vagrant/mini
state: directory
owner: vagrant
group: vagrant
- name: Copy secret .env file over
copy:
src: /var/lib/jenkins/app-secrets/mini/.env
dest: /home/vagrant/mini/.env
owner: vagrant
group: vagrant
no_log: true
> Checking out the Git version control ...
using GIT_SSH to set credentials
...
> Deploying the application ...
$ ansible-playbook cicd/provision/stag/site.yml -i cicd/provision/stag/hosts.yml --vault-password-file /var/lib/jenkins/workspace/mini-push-feature/vault6204200521041546377.password
PLAY [Deploy the application to the "staging" server] **************************
TASK [Gathering Facts] *********************************************************
ok: [staging]
TASK [Create the application directory] ****************************************
ok: [staging]
TASK [Copy docker files over] **************************************************
ok: [staging]
TASK [Copy secret .env file over] **********************************************
ok: [staging]
PLAY RECAP *********************************************************************
staging : ok=4 changed=0 unreachable=0 failed=0
Finished: SUCCESS
vagrant@staging:~$ ls -la mini/
-rw-r--r-- 1 vagrant vagrant 2 May 12 21:49 .env
vagrant@staging:~$ cat mini/.env
DB_USER=inanzzz
DB_PASS=123123