Make all ansible role tasks infinity retry by yq

So you want mitigate connectivity problem during installation

In main.yml you have

- name: Install requirements packages
  yum:
    name:
      - epel-release
      - jq
- name: Install Icinga packages
  yum:
    name:
      - icinga2      

Run

yq -i '(.[] | select (has("yum")) | .yum.retries) = 10 ' main.yml
yq -i '(.[] | select (has("yum")) | .yum.delay) = 5 ' main.yml
yq -i '(.[] | select (has("yum")) | .yum.until) = "result | succeeded" ' main.yml
# I am too lazy to figure out one line code

Now you have

- name: Install requirements packages
  yum:
    name:
      - epel-release
      - jq
    retries: 10
    delay: 5
    until: result | succeeded
- name: Install Icinga packages
  yum:
    name:
      - icinga2
    retries: 10
    delay: 5
    until: result | succeeded

Build Periodically in Jenkins Templating Engine

翻半天資料才找到 Jenkins Templating Engine 怎麼做定期建置

Free Style Job

GUI 點一點就好，很簡單

Declarative Pipeline

也很簡單，pipeline 裡面宣告一下就好

pipeline {
  agent any

  triggers {
      cron('H 0 1,15 * *')
  }

Jenkins Templating Engine

https://boozallen.github.io/sdp-docs/jte/2.2.2/index.html
JTE 支援兩種方式，Scripted Pipeline 跟 Declarative Pipeline，Scripted 較早出也較成熟。
設定的方式非常不直覺，其實在任何一個 stage 裡面的 node scope 設定 properties 就可以。

cat libraries/common/steps/common_init.groovy

@Init

void call() {
  stage('Common: Init'){
    node {
      properties([pipelineTriggers([cron('H 0 1,15 * *')])])
      cleanWs(disableDeferredWipeout: true)
      checkout scm        
    }
  }
}

Argo CD PreSync 雞蛋問題

如果你看 Argo CD Resource Hooks 官方文件，會告訴你 PreSync 可以拿來做 database schema migration，然而這是有問題的。

這有個問題，譬如說外部的資料庫我們會這樣宣告

apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  type: ExternalName
  externalName: foo.bar.us-east-2.rds.amazonaws.com

大部分像這樣的 Resource 都是在 PreSync 之後的 Sync phase 去同步的，這就造成 Application 第一次安裝的時候，尚未跑到 Sync phase -> 資料庫不存在 -> PreSync 階段的 databae schema migration kind: Job 就會失敗。

如果把 kind: Service 標記成 Presync phase 會有另一個問題，Presync hook 成功跑完以後就會消失。(另一個模式是每次跑之前砍掉重建，問題差不多)

由於會消失，像是 kind: Service 或是 kind: PersistentVOlume 就不能放在 Presync phase。

解決方法是改用 Sync Waves

apiVersion: v1
kind: Service
metadata:
  name: postgres
  annotations:
    argocd.argoproj.io/sync-wave: "-1"  
spec:
  type: ExternalName
  externalName: foo.bar.us-east-2.rds.amazonaws.com

透過自由標記正負整數來控制執行順序，都 2021 了還有這種非 DAG 的設計也頗為奇妙。Flux CD 則是設計成比較好用的 spec.dependsOn

參考資料：

• # PreSync hook resources are recreated on sync
• # PVC with Pre-Sync or Helm’s Pre-Install annotation getting terminated by argo during every sync process