Skip to content

Ansible in Gitlab CI Pipeline

These are some notes on using the latest Ansible with the latest Gitlab CI pipelines, as of 2019-06-29 at least.

File variables

Go into Settings, CI/CD, Variables and create a variable of type File. This means the value of the variable will actually be the path to a temporary file containing the contents of the variable.

So a pipeline using Ansible might have a script command like this.

- ansible-playbook -i "$ANSIBLE_INVENTORY_STAGING" deploy.yml -t bootstrap --vault-id="project@$ANSIBLE_VAULT_PASSWORD_FILE"

Can also be used for private ssh keys by for example creating a variable called SSH_PRIVATE_KEY in Gitlab Variables and then using it as a File path.

- eval $(ssh-agent -s)
- chmod 0600 "$SSH_PRIVATE_KEY"
- ssh-add "$SSH_PRIVATE_KEY"

Example .gitlab-ci.yml

This file is from a Siptrackd repo so aims to test and deploy siptrackd from its repo.

image: python:2.7-stretch

    PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"

 1.  test
 2.  deploy

    - .cache/pip
    - _trial_temp

 1.  python -V

    stage: test
    - apt-get update -y
    - apt-get install libldap2-dev libmariadb-dev libsasl2-dev -y
    - pip install -r requirements.txt
    - python install
    - python -m twisted.trial tests

    stage: deploy
    # prep environment for installing and running ansible
    - eval $(ssh-agent -s)
    - chmod 0600 "$SSH_PRIVATE_KEY"
    - ssh-add "$SSH_PRIVATE_KEY"
    - mkdir -p ~/.ssh
    - cp "$SSH_CONFIG" ~/.ssh/config
    - chmod 0600 ~/.ssh/config

    # install and run ansible
    - pip install ansible
    - echo git clone "$ANSIBLE_GIT_REPO" ansible
    - git clone "$ANSIBLE_GIT_REPO" ansible
    - pushd ansible
    - ansible-galaxy install -r requirements.yml
    - ansible-playbook -i "$ANSIBLE_INVENTORY_STAGING" update.yml -t backend
    - ansible-playbook -i "$ANSIBLE_INVENTORY_STAGING" update.yml -t frontend
    - popd

    - staging


  • SSH_PRIVATE_KEY - A private key created for deploying this siptrackd software, it's created as a File variable in Gitlab.
  • SSH_CONFIG - A ready made config for all the hosts that we need to talk to, and being able to set various options to be used when git clones over ssh.
  • ANSIBLE_GIT_REPO - The git repo of the Playbooks that can install the siptrackd service.
  • ANSIBLE_INVENTORY_STAGING - Path to an inventory file specific for the staging environment. This inventory file can set some top level variables to control how the service is setup and separated from other instances on the same server.

Last update: August 31, 2021