From e620667ee15907a6ebae8bcf8e6b9d5dc1c3fbdc Mon Sep 17 00:00:00 2001 From: Benjamin Hays Date: Sat, 12 Oct 2024 18:41:22 -0400 Subject: [PATCH 01/12] Revert previous error --- .gitea/workflows/ansible-deploy.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/ansible-deploy.yml b/.gitea/workflows/ansible-deploy.yml index cbd186b..2d0b796 100644 --- a/.gitea/workflows/ansible-deploy.yml +++ b/.gitea/workflows/ansible-deploy.yml @@ -11,7 +11,13 @@ jobs: - Ansible/heartbeat.yml - Ansible/debian.yml steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v3 + + - name: Install Ansible + run: | + apt update -y + apt install python3-pip -y + python3 -m pip install ansible #- name: Install Ansible Galaxy requirements # run: | -- 2.43.0 From 2b4418bdf14609b4eb1c3fc43994d7ec9ba787b7 Mon Sep 17 00:00:00 2001 From: Benjamin Hays Date: Sat, 12 Oct 2024 18:56:37 -0400 Subject: [PATCH 02/12] second attempt at fixing deploy script --- .gitea/workflows/ansible-deploy.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/.gitea/workflows/ansible-deploy.yml b/.gitea/workflows/ansible-deploy.yml index 2d0b796..cd4ccd4 100644 --- a/.gitea/workflows/ansible-deploy.yml +++ b/.gitea/workflows/ansible-deploy.yml @@ -3,6 +3,8 @@ on: [push] jobs: deploy: runs-on: ubuntu-latest + env: + RUNNER_TOOL_CACHE: /toolcache strategy: matrix: playbook: @@ -11,7 +13,14 @@ jobs: - Ansible/heartbeat.yml - Ansible/debian.yml steps: + - name: Copy SSH Key + run: | + mkdir ~/.ssh/ + echo '${{secrets.SSH_PRIVATE_KEY}}' > ~/.ssh/id_rsa + - uses: actions/checkout@v3 + with: + submodules: recursive - name: Install Ansible run: | 
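Review bot: The `Install Ansible` step added in [PATCH 01/12] runs `python3 -m pip install ansible` with no version, so each push deploys with whatever release the package index serves at that moment. Pin the version in one place, for example `python3 -m pip install "ansible==<ANSIBLE_VERSION>"` with the value held in the job's `env:`. The `steps:` list continues outside the hunk.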
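Review bot: In the `Copy SSH Key` step of [PATCH 02/12] (second hunk), `echo '${{secrets.SSH_PRIVATE_KEY}}' > ~/.ssh/id_rsa` has the runner substitute the secret into the script text before the shell runs, so a `'` in the value breaks the quoting, and the key file is created with the default umask. Passing the secret through the step's `env:` and writing it from a shell variable under a restrictive umask avoids both, and `mkdir -p` keeps the step from failing when `~/.ssh` already exists. The same key is still handed to the playbook action through `key:` further down, so it is worth confirming that this on-disk copy is needed only for the recursive submodule checkout.

```yaml
- name: Copy SSH Key
  env:
    SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
  run: |
    umask 077
    mkdir -p ~/.ssh
    printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
# … unchanged: actions/checkout with submodules: recursive …
```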
@@ -26,17 +35,12 @@ jobs: - name: Run playbook uses: dawidd6/action-ansible-playbook@v2 with: - # Required, playbook filepath playbook: ${{ matrix.playbook }} - - # Optional, directory where playbooks live directory: ./ - - # Optional, SSH private key key: ${{secrets.SSH_PRIVATE_KEY}} vault_password: ${{secrets.VAULT_PASSWORD}} - # Optional, galaxy requirements filepath # requirements: requirements.yaml + options: | --inventory Ansible/inventory.ini \ No newline at end of file -- 2.43.0 From c1e2aa4551e35f677730e2a80f9b31de4478d1bc Mon Sep 17 00:00:00 2001 From: Benjamin Hays Date: Sat, 12 Oct 2024 19:00:35 -0400 Subject: [PATCH 03/12] third attempt --- .gitea/workflows/ansible-deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitea/workflows/ansible-deploy.yml b/.gitea/workflows/ansible-deploy.yml index cd4ccd4..744b948 100644 --- a/.gitea/workflows/ansible-deploy.yml +++ b/.gitea/workflows/ansible-deploy.yml @@ -16,6 +16,8 @@ jobs: - name: Copy SSH Key run: | mkdir ~/.ssh/ + echo "Host *" > ~/.ssh/config + echo " StrictHostKeyChecking no" >> ~/.ssh/config echo '${{secrets.SSH_PRIVATE_KEY}}' > ~/.ssh/id_rsa - uses: actions/checkout@v3 -- 2.43.0 From 919386cc3ad29c29e54a091f2ab036d1ff2fa792 Mon Sep 17 00:00:00 2001 From: Benjamin Hays Date: Sat, 12 Oct 2024 19:01:36 -0400 Subject: [PATCH 04/12] fourth attempt --- .gitea/workflows/ansible-deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/workflows/ansible-deploy.yml b/.gitea/workflows/ansible-deploy.yml index 744b948..0f23042 100644 --- a/.gitea/workflows/ansible-deploy.yml +++ b/.gitea/workflows/ansible-deploy.yml @@ -19,6 +19,7 @@ jobs: echo "Host *" > ~/.ssh/config echo " StrictHostKeyChecking no" >> ~/.ssh/config echo '${{secrets.SSH_PRIVATE_KEY}}' > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa - uses: actions/checkout@v3 with: -- 2.43.0 From bd891445b7b18c5b65c75a9d17e2303bdd0d41f4 Mon Sep 17 00:00:00 2001 
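Review bot: `dawidd6/action-ansible-playbook@v2` in the `Run playbook` step ([PATCH 02/12], third hunk) is a third-party action referenced by a movable tag, and it receives both `key` and `vault_password`. Pinning it to a full commit SHA, `uses: dawidd6/action-ansible-playbook@<full-commit-sha>  # v2`, means a retagged release cannot change the code that sees those secrets. The hunk also drops the comments that marked which inputs are required and which optional; a one-line comment above `with:` would keep that information.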
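Review bot: [PATCH 03/12] writes `StrictHostKeyChecking no` under `Host *`, which turns off server authentication for every SSH connection this job makes, including the ones that use the deploy key. The host keys of the managed machines (and of the Git server, if the submodule is fetched over SSH) can be pinned instead: keep them in a repository secret or variable, write them to `~/.ssh/known_hosts` in this step, and leave `StrictHostKeyChecking` at its default. `StrictHostKeyChecking accept-new` is a weaker fallback, since a fresh runner container has no previously seen keys to compare against. The `ansible.cfg` context shown in [PATCH 07/12] also has `host_key_checking = False`, so both settings have to change before the check takes effect.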
From: Benjamin Hays Date: Sat, 12 Oct 2024 19:06:44 -0400 Subject: [PATCH 05/12] fifth attempt --- .gitea/workflows/ansible-deploy.yml | 3 ++- Ansible/homelab-vault | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/ansible-deploy.yml b/.gitea/workflows/ansible-deploy.yml index 0f23042..e9a26d6 100644 --- a/.gitea/workflows/ansible-deploy.yml +++ b/.gitea/workflows/ansible-deploy.yml @@ -46,4 +46,5 @@ jobs: # requirements: requirements.yaml options: | - --inventory Ansible/inventory.ini \ No newline at end of file + --inventory Ansible/inventory.ini + --extra-vars "@Ansible/homelab-vault/secrets.yml" \ No newline at end of file diff --git a/Ansible/homelab-vault b/Ansible/homelab-vault index 6b8679d..e95c8ff 160000 --- a/Ansible/homelab-vault +++ b/Ansible/homelab-vault @@ -1 +1 @@ -Subproject commit 6b8679decc51b10d3a028993d11892be763e0eb7 +Subproject commit e95c8ff2aef2e919e5bf0fc8133aaec69ea8dc08 -- 2.43.0 From 39f57473f6cf4e7769db55f2039a116a02dab484 Mon Sep 17 00:00:00 2001 From: Benjamin Hays Date: Sat, 12 Oct 2024 19:12:11 -0400 Subject: [PATCH 06/12] sixth attempt --- .gitea/workflows/ansible-deploy.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/ansible-deploy.yml b/.gitea/workflows/ansible-deploy.yml index e9a26d6..2a2a14f 100644 --- a/.gitea/workflows/ansible-deploy.yml +++ b/.gitea/workflows/ansible-deploy.yml @@ -29,7 +29,8 @@ jobs: run: | apt update -y apt install python3-pip -y - python3 -m pip install ansible + python3 -m pip install ansible + echo '${{secrets.BECOME_PASSWORD}}' > ./.become_pass #- name: Install Ansible Galaxy requirements # run: | @@ -47,4 +48,4 @@ jobs: options: | --inventory Ansible/inventory.ini - --extra-vars "@Ansible/homelab-vault/secrets.yml" \ No newline at end of file + --become-pass-file ./.become_pass \ No newline at end of file -- 2.43.0 From 97d06dc4e17e96cf39e17fda8a40663966209c7e Mon Sep 17 00:00:00 2001 
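Review bot: The `--extra-vars "@Ansible/homelab-vault/secrets.yml"` option added in [PATCH 05/12] loads a file from the `homelab-vault` submodule at the highest variable precedence, and nothing in the workflow records what protects that file. The `vault_password` input just above suggests it is ansible-vault encrypted; a comment above `options:` such as `# secrets.yml must stay ansible-vault encrypted; it is decrypted with vault_password` would make that assumption explicit for the next editor. The same commit moves the submodule pointer, so the reviewed state of `secrets.yml` is whatever commit `e95c8ff` contains.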
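Review bot: In [PATCH 06/12], `echo '${{secrets.BECOME_PASSWORD}}' > ./.become_pass` leaves the become password in a plain file inside the checked-out workspace, created with the default umask and never removed. If a password file is needed, it should be written outside the repository tree with a restrictive umask, from an `env:` variable rather than by substitution into the script, and deleted in a final step guarded by `if: always()`. The line is also tucked into the `Install Ansible` step; a separately named step makes the credential handling visible in the job log and in review.

```yaml
- name: Write become password
  env:
    BECOME_PASSWORD: ${{ secrets.BECOME_PASSWORD }}
  run: |
    umask 077
    printf '%s\n' "$BECOME_PASSWORD" > "$HOME/.become_pass"
# … unchanged: Run playbook, with --become-pass-file pointing at the new path …
- name: Remove become password
  if: always()
  run: rm -f "$HOME/.become_pass"
```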
From: Benjamin Hays Date: Sat, 12 Oct 2024 19:21:54 -0400 Subject: [PATCH 07/12] seventh attempt --- .gitea/workflows/ansible-deploy.yml | 3 +-- Ansible/ansible.cfg | 2 +- ansible.cfg | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/ansible-deploy.yml b/.gitea/workflows/ansible-deploy.yml index 2a2a14f..e0018fb 100644 --- a/.gitea/workflows/ansible-deploy.yml +++ b/.gitea/workflows/ansible-deploy.yml @@ -30,7 +30,6 @@ jobs: apt update -y apt install python3-pip -y python3 -m pip install ansible - echo '${{secrets.BECOME_PASSWORD}}' > ./.become_pass #- name: Install Ansible Galaxy requirements # run: | @@ -48,4 +47,4 @@ jobs: options: | --inventory Ansible/inventory.ini - --become-pass-file ./.become_pass \ No newline at end of file + --extra-vars "@Ansible/homelab-vault/secrets.yml" \ No newline at end of file diff --git a/Ansible/ansible.cfg b/Ansible/ansible.cfg index a7e975a..4c5e49a 100644 --- a/Ansible/ansible.cfg +++ b/Ansible/ansible.cfg @@ -4,4 +4,4 @@ host_key_checking = False inventory = ./inventory.ini [privilege_escalation] -become_ask_pass = True +#become_ask_pass = True diff --git a/ansible.cfg b/ansible.cfg index 017a171..791b1bf 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -4,4 +4,4 @@ host_key_checking = False inventory = ./Ansible/inventory.ini [privilege_escalation] -become_ask_pass = True +#become_ask_pass = True -- 2.43.0 From 43d2e66b6a017001775d3e0f03cd3dac42d5b277 Mon Sep 17 00:00:00 2001 From: Benjamin Hays Date: Sat, 12 Oct 2024 19:28:23 -0400 Subject: [PATCH 08/12] add caching and version control for pip packages --- .gitea/workflows/ansible-deploy.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/ansible-deploy.yml b/.gitea/workflows/ansible-deploy.yml index e0018fb..ee22a0b 100644 --- a/.gitea/workflows/ansible-deploy.yml +++ b/.gitea/workflows/ansible-deploy.yml 
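Review bot: Commenting out `become_ask_pass = True` in `Ansible/ansible.cfg` and in the root `ansible.cfg` ([PATCH 07/12]) changes interactive runs as well as CI, and leaves no record of where the become password now comes from. If the aim is only to stop the CI job from prompting, the workflow can set `ANSIBLE_BECOME_ASK_PASS: "false"` in its `env:` and both files can stay as they were. Otherwise delete the line rather than commenting it out and add a comment such as `# become password is supplied via ansible_become_password from the vault file`; that this is what `secrets.yml` provides is an assumption to confirm.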
@@ -5,6 +5,7 @@ jobs: runs-on: ubuntu-latest env: RUNNER_TOOL_CACHE: /toolcache + ANSIBLE_VERSION: 10.5.0 strategy: matrix: playbook: @@ -25,11 +26,17 @@ jobs: with: submodules: recursive + - name: "Cache python packages" + uses: actions/cache@v3 + with: + path: ~/.cache/pip + key: ${{ runner.os }}-${{ env.ANSIBLE_VERSION }} + - name: Install Ansible run: | apt update -y apt install python3-pip -y - python3 -m pip install ansible + python3 -m pip install ansible==${{ env.ANSIBLE_VERSION }} #- name: Install Ansible Galaxy requirements # run: | -- 2.43.0 From 1c68f9d2e1676c3feaaf6348d63d5354b6d532d1 Mon Sep 17 00:00:00 2001 From: Benjamin Hays Date: Sat, 12 Oct 2024 19:30:39 -0400 Subject: [PATCH 09/12] fix runner error with openssh playbook --- Ansible/openssh.yml | 2 +- Configs/authorized_keys | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 Configs/authorized_keys diff --git a/Ansible/openssh.yml b/Ansible/openssh.yml index 047cdb7..f5b0153 100644 --- a/Ansible/openssh.yml +++ b/Ansible/openssh.yml @@ -31,7 +31,7 @@ ansible.builtin.copy: owner: bhays mode: "0600" - src: ~/.ssh/authorized_keys + src: ../Configs/authorized_keys dest: /home/bhays/.ssh/authorized_keys - name: Copy secure login banner ansible.builtin.copy: diff --git a/Configs/authorized_keys b/Configs/authorized_keys new file mode 100644 index 0000000..460469b --- /dev/null +++ b/Configs/authorized_keys @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClhOkA+6Wj+HmJb32wqDXAksOr7mhRovSQAt/6PNem/q0R+JA4qyYpStPAkLTHmUJhUPYlyeVPJyaGxRyE96SSrLxy2tGvfch1D2XkrYTZoyEYc0QNg2PfgCkAZofDSPrErzcAzT9XBJ+/9rga8IBZ3F8Nm1gl401y0Ckchdne/i+npVurimpSMJbIwjIsg7ij1gWLL4idIftW7IDloWedI1O2XdBW9VDpA/zq46tBwt3Jeelv5oDCup6g9wLQwBpmegWXYS+p47vGzIYp2qBI2D/opOZCUaBNT81G80E9H0fsNDi8xCBfVj7zgBQHzviqGFqeKjU39FbLZlkeISMX rsa-key-20231020 \ No newline at end of file -- 2.43.0 From 57e600f3d61b791759455361370b99eb75a767f1 Mon Sep 17 00:00:00 2001 
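Review bot: The cache key added in [PATCH 08/12] (second hunk), `${{ runner.os }}-${{ env.ANSIBLE_VERSION }}`, names neither pip nor this workflow, and `ansible==…` pins only the top-level package while its dependencies such as `ansible-core` and `jinja2` still float. A requirements file with hashes addresses both: install with `python3 -m pip install --require-hashes -r requirements.txt` (file name chosen here as an example) and key the cache on it, `key: pip-${{ runner.os }}-${{ hashFiles('requirements.txt') }}`, after checking that the Gitea runner in use supports `hashFiles`. Because the restored cache feeds a job that holds the SSH key, it is also worth confirming which workflows and branches can write to the runner's cache.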
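Review bot: With `src: ../Configs/authorized_keys`, the `ansible.builtin.copy` task in [PATCH 09/12] replaces `/home/bhays/.ssh/authorized_keys` on the targets with a file from the repository, so write access to this repository now determines login access to the hosts, and the workflow context shows `on: [push]` with no branch filter. Restricting the deploy to a protected branch, for example `on:` / `push:` / `branches: [<default-branch>]`, and requiring review for changes to `Configs/authorized_keys` would bound that. The task begins above the hunk, so its name and any conditions on it are not visible here.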
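Review bot: `Configs/authorized_keys` is added in [PATCH 09/12] without a trailing newline (`\ No newline at end of file`), so a key appended later with `>>` would land on the same line as the existing entry and neither would parse as intended. End the file with a newline. Judging by the encoded length the entry is a 2048-bit `ssh-rsa` key; at the next rotation an `ssh-ed25519` key would be the usual replacement.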
From: Benjamin Hays Date: Sat, 12 Oct 2024 19:35:52 -0400 Subject: [PATCH 10/12] correct version to fix errors --- .gitea/workflows/ansible-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/ansible-deploy.yml b/.gitea/workflows/ansible-deploy.yml index ee22a0b..f7f2038 100644 --- a/.gitea/workflows/ansible-deploy.yml +++ b/.gitea/workflows/ansible-deploy.yml @@ -5,7 +5,7 @@ jobs: runs-on: ubuntu-latest env: RUNNER_TOOL_CACHE: /toolcache - ANSIBLE_VERSION: 10.5.0 + ANSIBLE_VERSION: "8.7.0" strategy: matrix: playbook: -- 2.43.0 From 5b0d0aa13e3c6214255ff4cbf13f908b1463577c Mon Sep 17 00:00:00 2001 From: Benjamin Hays Date: Sat, 12 Oct 2024 21:29:49 -0400 Subject: [PATCH 11/12] revert to pip version and try new caching method --- .gitea/workflows/ansible-deploy.yml | 24 +++-------------- .gitea/workflows/ansible-install.yml | 39 ++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 20 deletions(-) create mode 100644 .gitea/workflows/ansible-install.yml diff --git a/.gitea/workflows/ansible-deploy.yml b/.gitea/workflows/ansible-deploy.yml index f7f2038..2368e0b 100644 --- a/.gitea/workflows/ansible-deploy.yml +++ b/.gitea/workflows/ansible-deploy.yml @@ -1,7 +1,11 @@ name: Ansible Deploy on: [push] jobs: + build: + uses: ./.gitea/workflows/ansible-install.yml + deploy: + needs: [ 'build' ] runs-on: ubuntu-latest env: RUNNER_TOOL_CACHE: /toolcache 
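Review bot: The `build` job added in the first hunk of [PATCH 11/12] installs Ansible in one job while `deploy` runs in another via `needs: [ 'build' ]`; unless the runner executes both jobs on the same host, nothing installed in `build` exists when `deploy` starts, and only the pip cache could carry over. The second hunk also removes `actions/checkout` from `deploy`, so the playbooks and `Ansible/inventory.ini` named in `Run playbook` would not be present in that job's workspace. Keeping checkout and the install step in `deploy` and relying on the cache alone for speed avoids both problems.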
@@ -22,26 +26,6 @@ jobs: echo '${{secrets.SSH_PRIVATE_KEY}}' > ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa - - uses: actions/checkout@v3 - with: - submodules: recursive - - - name: "Cache python packages" - uses: actions/cache@v3 - with: - path: ~/.cache/pip - key: ${{ runner.os }}-${{ env.ANSIBLE_VERSION }} - - - name: Install Ansible - run: | - apt update -y - apt install python3-pip -y - python3 -m pip install ansible==${{ env.ANSIBLE_VERSION }} - - #- name: Install Ansible Galaxy requirements - # run: | - # ansible-galaxy install -r requirements.yaml - - name: Run playbook uses: dawidd6/action-ansible-playbook@v2 with: diff --git a/.gitea/workflows/ansible-install.yml b/.gitea/workflows/ansible-install.yml new file mode 100644 index 0000000..1f78e34 --- /dev/null +++ b/.gitea/workflows/ansible-install.yml @@ -0,0 +1,39 @@ +name: Install Ansible using Pip + +on: + workflow_call: + +jobs: + build: + runs-on: ubuntu-latest + env: + RUNNER_TOOL_CACHE: /toolcache + ANSIBLE_VERSION: "8.7.0" + steps: + - name: Copy SSH Key + run: | + mkdir ~/.ssh/ + echo "Host *" > ~/.ssh/config + echo " StrictHostKeyChecking no" >> ~/.ssh/config + echo '${{secrets.SSH_PRIVATE_KEY}}' > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + - uses: actions/checkout@v3 + with: + submodules: recursive + + - name: "Cache python packages" + uses: actions/cache@v3 + with: + path: ~/.cache/pip + key: ${{ runner.os }}-${{ env.ANSIBLE_VERSION }} + + - name: Install Ansible + run: | + apt update -y + apt install python3-pip -y + python3 -m pip install ansible==${{ env.ANSIBLE_VERSION }} + + #- name: Install Ansible Galaxy requirements + # run: | + # ansible-galaxy install -r requirements.yaml \ No newline at end of file -- 2.43.0 From 55dcb558549935b57e2570ecf10800a570a3d72f Mon Sep 17 00:00:00 2001 
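Review bot: The new `.gitea/workflows/ansible-install.yml` in [PATCH 11/12] copies the `Copy SSH Key` step, including `StrictHostKeyChecking no`, into a job whose only remaining work is `pip install`, which puts the private key on disk in a second job. If the key is needed here at all it is for the recursive submodule checkout; a job that only installs packages can drop both the key step and the checkout. Separately, the caller's `uses: ./.gitea/workflows/ansible-install.yml` passes no `secrets:`, and under GitHub-compatible semantics `secrets.SSH_PRIVATE_KEY` is empty in a called workflow unless the caller adds `secrets: inherit`; how the Gitea version in use behaves should be checked.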
From: Benjamin Hays Date: Sat, 12 Oct 2024 21:32:25 -0400 Subject: [PATCH 12/12] Revert "revert to pip version and try new caching method" This reverts commit 5b0d0aa13e3c6214255ff4cbf13f908b1463577c. --- .gitea/workflows/ansible-deploy.yml | 24 ++++++++++++++--- .gitea/workflows/ansible-install.yml | 39 ---------------------------- 2 files changed, 20 insertions(+), 43 deletions(-) delete mode 100644 .gitea/workflows/ansible-install.yml diff --git a/.gitea/workflows/ansible-deploy.yml b/.gitea/workflows/ansible-deploy.yml index 2368e0b..f7f2038 100644 --- a/.gitea/workflows/ansible-deploy.yml +++ b/.gitea/workflows/ansible-deploy.yml @@ -1,11 +1,7 @@ name: Ansible Deploy on: [push] jobs: - build: - uses: ./.gitea/workflows/ansible-install.yml - deploy: - needs: [ 'build' ] runs-on: ubuntu-latest env: RUNNER_TOOL_CACHE: /toolcache @@ -26,6 +22,26 @@ jobs: echo '${{secrets.SSH_PRIVATE_KEY}}' > ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa + - uses: actions/checkout@v3 + with: + submodules: recursive + + - name: "Cache python packages" + uses: actions/cache@v3 + with: + path: ~/.cache/pip + key: ${{ runner.os }}-${{ env.ANSIBLE_VERSION }} + + - name: Install Ansible + run: | + apt update -y + apt install python3-pip -y + python3 -m pip install ansible==${{ env.ANSIBLE_VERSION }} + + #- name: Install Ansible Galaxy requirements + # run: | + # ansible-galaxy install -r requirements.yaml + - name: Run playbook uses: dawidd6/action-ansible-playbook@v2 with: diff --git a/.gitea/workflows/ansible-install.yml b/.gitea/workflows/ansible-install.yml deleted file mode 100644 index 1f78e34..0000000 --- a/.gitea/workflows/ansible-install.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -name: Install Ansible using Pip - -on: - workflow_call: - -jobs: - build: - runs-on: ubuntu-latest - env: - RUNNER_TOOL_CACHE: /toolcache - ANSIBLE_VERSION: "8.7.0" - steps: - - name: Copy SSH Key - run: | - mkdir ~/.ssh/ - echo "Host *" > ~/.ssh/config - echo " StrictHostKeyChecking no" >> ~/.ssh/config - echo '${{secrets.SSH_PRIVATE_KEY}}' > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - - - uses: actions/checkout@v3 - with: - submodules: recursive - - - name: "Cache python packages" - uses: actions/cache@v3 - with: - path: ~/.cache/pip - key: ${{ runner.os }}-${{ env.ANSIBLE_VERSION }} - - - name: Install Ansible - run: | - apt update -y - apt install python3-pip -y - python3 -m pip install ansible==${{ env.ANSIBLE_VERSION }} - - #- name: Install Ansible Galaxy requirements - # run: | - # ansible-galaxy install -r requirements.yaml \ No newline at end of file -- 2.43.0