notes/GitLab_Notes.txt at master · pataraco/notes · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
------------
GitLab Notes
------------


CI/CD
-----

Questions / Things to Address
-----------------------------
- Designate a repo for Dev team to use and push to which will also contain the pipeline file
- Develop tests to test the changes before building a staging environment
   - can be done by Dev if no automation changes exist.
   - DevOps to build the tests for automation changes
- Decide whether or not to automatically build a staging environment once Dev pushes to the repo
   - Do we want to allow Dev to be able to build/destroy staging without our intervention?
     (only if/when there are no automation changes)
- Have the GitLab CI/CD build staging from new pushes to Dev repo or DevOps repo
   - May be a need for 2 separate pipelines.
      - One to build staging directly from pushes to Dev repo if/when there are no infrastructure changes (i.e. no automation changes), and
      - another if/when there are automation changes.
   - Dev could have control over their pipeline and it could be configured in a way for them to [click] when they are done with testing and the pipeline can destroy staging.
   - Using tags, our pipeline can run project specific jobs depending on what got pushed to our repo.
- Where to build the GitLab runner
   - Bastion instance in AWS account?
- Runner: How create/use a Docker image to not allow DevOps repo publicly available
   - Maybe create/use a Docker image that has the correct Ansible and Python versions and then add DevOps repo using KMS. only issue is that it will be slow.
- Runner: do not use a public docker image in case it goes away - no control
- Need to come up with tests when building out staging to know if/when to proceed with specific steps
   - e.g. when MongoDB cluster is up to perform DB "restore" and when ElasticSearch cluster is ready for DB "restore"
- Need a script to take PCR steps to create a script to standup staging or just create on the side
- After completion of pipeline, need email confirming success and DNS of staging

TO-DO
-----
- set up/get a set of AWS keys (GitLab secrets) for the Docker image to use and set up .aws/config
- then use credstash or GitLab secrets for following:
  - set up ansible vault passwd: e.g. ~/.vault.sh (GitLab secrets)
  - set up git credentials (GitLab secrets)
- get/set up ops.pem to run Ansible (ssh)
- figure out which docker account to publish the ansible container

Docs
----
  GitLab CI/CD: https://about.gitlab.com/features/gitlab-ci-cd/
  (/) Quick Start: https://docs.gitlab.com/ee/ci/quick_start/
               https://docs.gitlab.com/ee/ci/quick_start/README.html
  GitLab CI: https://docs.gitlab.com/ee/ci/
  .gitlab-ci.yml syntax: https://docs.gitlab.com/ee/ci/yaml/README.html

Files
-----
  - Pipeline file
     .gitlab-ci.yml in repo root
  - runner config
     /etc/gitlab-runner/config.toml

Runners
-------
# Specific Runner
- checking for existance of a runner
  Project -> Settings -> CI/CD Pipelines
- install a runner -  https://docs.gitlab.com/runner/install/
  # configure yum repo to install the runner
  $ curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh | sudo bash
  # install the runner
  $ sudo yum install gitlab-runner
  # register the runner   # get the URL and token from runnner settings page in GitLab UI
  # register under Linux
  $ sudo gitlab-runner register
  Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
  https://git.org-lab.com/ci
  Please enter the gitlab-ci token for this runner:
  Fk-xyTY_31J
  Please enter the gitlab-ci description for this runner:
  [praco.dev.local]: raco-gitlab-runner
  Please enter the gitlab-ci tags for this runner (comma separated):
  raco,test
  Whether to run untagged builds [true/false]:
  [false]: true
  Whether to lock the Runner to current project [true/false]:
  [true]: true
  Registering runner... succeeded                     runner=Fk-xyT
  Please enter the executor: docker+machine, docker-ssh+machine, virtualbox, docker-ssh, parallels, shell, ssh, kubernetes, docker:
  docker
  Please enter the default Docker image (e.g. ruby:2.1):
  ruby:2.1
  Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
- configure it   # should be done already - look on runners page
  https://docs.gitlab.com/ee/ci/runners/README.html#registering-a-specific-runner
# Shared Runner

tags: GitLab