Merge pull request usegalaxy-eu#100 from usegalaxy-eu/separate-playbo…

…oks-fix-vault Separate playbooks fix vault
mira-miracoli · Oct 15, 2024 · dd973ff · dd973ff
2 parents 5e494c7 + 6dccb2f
commit dd973ff
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 5 deletions.
diff --git a/ansible/all-playbooks.yml → ansible/playbooks-external.yml b/ansible/all-playbooks.yml → ansible/playbooks-external.yml
@@ -1,4 +1,5 @@
-# Meta-playbook that just imports all other playbooks.
+# Meta-playbook for external builds that just imports all other playbooks.
+# Packer selects this playbook if 'internal' is not in the group names.
 #
 # It defines the order in which playbooks should be run during the provisioning
 # step. Each playbook contains plays that only apply to hosts belonging to a
@@ -15,6 +16,4 @@
 
 - ansible.builtin.import_playbook: jenkins.yml
 
-- ansible.builtin.import_playbook: internal.yml
-
 - ansible.builtin.import_playbook: external.yml
diff --git a/ansible/playbooks-internal.yml b/ansible/playbooks-internal.yml
@@ -0,0 +1,20 @@
+# Meta-playbook for internal images that just imports all other playbooks.
+# This Meta-playbook is selected when packer finds 'internal' in the group names.
+# Requires a --vault-password-file=.vault_password argument in packer.
+#
+# It defines the order in which playbooks should be run during the provisioning
+# step. Each playbook contains plays that only apply to hosts belonging to a
+# group with the same name. Therefore, individual playbooks can be turned on
+# and off via the "groups" variable defined in "templates/variables.pkr.hcl",
+# which can also be overriden form the command line each time packer is
+# launched.
+---
+- ansible.builtin.import_playbook: generic.yml
+
+- ansible.builtin.import_playbook: workers.yml
+
+- ansible.builtin.import_playbook: workers-gpu.yml
+
+- ansible.builtin.import_playbook: jenkins.yml
+
+- ansible.builtin.import_playbook: internal.yml
diff --git a/templates/build.pkr.hcl b/templates/build.pkr.hcl
@@ -95,7 +95,7 @@ build {
     name = "rockylinux-9-latest-x86_64"
     vm_name = "rockylinux-9-latest-x86_64"
     iso_url = "https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9-latest-x86_64-boot.iso"
-    iso_checksum = "sha256:eb096f0518e310f722d5ebd4c69f0322df4fc152c6189f93c5c797dc25f3d2e1"
+    iso_checksum = "sha256:c7e95e3dba88a1f68fff8b7d4e66adf6f76ac4fba2e246a83c46ab79574c78a8"
     disk_size = "${local.disk_size}"
     boot_command = [
       "<esc><wait>",
@@ -108,7 +108,7 @@ build {
   }
 
   provisioner "ansible" {
-    playbook_file    = "ansible/all-playbooks.yml"
+    playbook_file    = "ansible/${local.playbook}"
     user             = "root"
     galaxy_file      = "requirements.yml"
     roles_path       = "ansible/roles/"

diff --git a/templates/variables.pkr.hcl b/templates/variables.pkr.hcl
@@ -26,6 +26,9 @@ variable "headless" {
   type    = string
   default = "true"
 }
+locals {
+  playbook = contains(var.groups, "internal") ? "playbooks-internal.yml" : "playbooks-external.yml"
+}
 locals {
   vault_password = contains(var.groups, "internal") ? "--vault-password-file=${var.vault_password_file}" : null
 }