osu-itis / ansible-github-enterprise Goto Github PK

View Code? Open in Web Editor NEW

9.0 5.0 6.0 29 KB

Ansible playbook for GitHub Enterprise

Python 100.00%

github-enterprise ansible-playbook

ansible-github-enterprise's Introduction

ansible-github-enterprise

Ansible playbook for GitHub Enterprise

This playbook assumes you are running GitHub Enterprise under SSL.

Requirements

This playbook has been tested with Ansible running Python 3.8.x

Roles

upgrade_ghe - upgrade GHE to latest version (as determined by ghe-update-check)

Configuration

For dev, stage, prod, etc., create an inventory and variable file for each infrastructure type.

Example inventory/dev:

[dev]
github-dev.someplace.edu:122

Example group_vars/dev:

---
ghe:
  sign_in_check_string: Sign in to your account
  #upgrade_package_url: https://github-enterprise.s3.amazonaws.com/esx/updates/github-enterprise-esx-2.7.1.pkg
  #force_upgrade_to_latest: true
  #validate_cert: true
zenoss_uid: /zport/dmd/Devices/Server/Linux/devices/github-dev.someplace.edu
vm_name: changeme

ghe.sign_in_check_string - The string to search for when checking if the application has successfully come back up after an upgrade. For deployments using the default GitHub authentication, the value should be 'Sign in to your account' as shown in the example.
ghe.force_upgrade_to_latest (optional) - Force ghe-update-check to ignore the current release series in favor of the latest version available.
ghe.upgrade_package_url (optional) - Force the playbook to download and run the specified upgrade package file. Hotpatch package files are also supported. This option overrides ghe.force_upgrade_to_latest and should only be used to install a specific version.
ghe.validate_cert (optional) - Set to false to skip SSL certificate validation when checking if the application has successfully come back up after an upgrade. Not recommended unless you really need this!
zenoss_uid (optional) - Zenoss device uid for managing maintenance state
vm_name (optional) - VMware VM name that is running GitHub Enterprise

If zenoss_uid and vm_name config options are defined, group_vars/all must contain the configuration for Zenoss and VMware that will apply across all infrastructure types:

---
zenoss:
    hostname: '{{ lookup("env", "ZENOSS_HOSTNAME") }}'
    user: '{{ lookup("env", "ZENOSS_USERNAME") }}'
    password: '{{ lookup("env", "ZENOSS_PASSWORD") }}'
vmware:
    hostname: '{{ lookup("env", "VCENTER_HOSTNAME") }}'
    user: '{{ lookup("env", "VCENTER_USERNAME") }}'
    password: '{{ lookup("env", "VCENTER_PASSWORD") }}'
    skip_certcheck: false

You are strongly encouraged to use environment variables to provide credentials!

Upgrading GitHub Enterprise

ansible-playbook -i inventory/dev upgrade_ghe.yml

ansible-github-enterprise's People

Contributors

Stargazers

Watchers

Forkers

ptierno sidvenugop gearrington joedoss pramodhm112 automateversioncontrol

ansible-github-enterprise's Issues

Check for configuration run in progress

Upgrades to 2.14 fail with the following error:

TASK [upgrade-ghe : disable maintenance mode in GHE] ***************************
fatal: [github-stage.someplace.edu]: FAILED! => {"changed": false, "cmd": ["ghe-maintenance", "-u"], "delta": "0:00:00.096351", "end": "2018-07-12 17:29:12.469892", "msg": "non-zero return code", "rc": 1, "start": "2018-07-12 17:29:12.373541", "stderr": "", "stderr_lines": [], "stdout": "A configuration run is currently in progress. Unable to unset maintenance mode. Please try again after the configuration run is completed.", "stdout_lines": ["A configuration run is currently in progress. Unable to unset maintenance mode. Please try again after the configuration run is completed."]}
	to retry, use: --limit @/opt/ansible/ansible-github-enterprise/upgrade_ghe.retry

Add a check before this task that determines if the configuration run is complete or not before proceeding.

Parameterize zenoss and vmware steps

This playbook currently updates maintenance status in Zenoss and takes a snapshot of the VM in VMware whether one needs it or not. It would be nice to pull those steps out and make them optional for those who don't use Zenoss or VMware in their infrastructures.

Support hotpatches for patch release upgrades

https://help.github.com/enterprise/2.11/admin/guides/installation/upgrading-github-enterprise/#upgrading-a-single-appliance-using-a-hotpatch

Do not fail if GHE is already at the latest version

If this playbook is run on a GHE instance that is already at the latest version, the playbook run results in a hard failure. We should check for this condition and handle it gracefully.

Add "no_log" to set production state in zenoss task

no_log: true is missing from, and needs to be added to, the "set production state in zenoss" task.

Warnings thrown when running playbook with ansible 2.3.x

A few warnings are now being thrown when running this playbook in ansible 2.3.x.

TASK [upgrade-ghe : verify ghe-update-check results] ***************************
 [WARNING]: when statements should not include jinja2 templating delimiters

TASK [upgrade-ghe : set maintenance state in zenoss] ***************************
 [WARNING]: Module did not set no_log for password

etc.

Whatever ansible is complaining about here should probably be fixed.

Add support for GitHub Enterprise 2.21 ghe-upgrade-check changes

In GitHub Enterprise 2.21, the ghe-upgrade-check command now returns two different strings depending on if the -i flag is given. This causes the current playbook to handle the version check incorrectly and attempt to upgrade even if GHE is already running the latest version.