Merge branch 'master' of andrea.dellamico/ansible-playbooks into master

2019-05-01 16:35:45 +02:00 · 2019-05-01 16:35:45 +02:00 · 7e2c847a8d
parent 55586be943 fe87db7acd
commit 7e2c847a8d
9 changed files with 131 additions and 15 deletions
--- a/jenkins/common/defaults/main.yml
+++ b/jenkins/common/defaults/main.yml
@ -3,9 +3,12 @@
 jenkins_dest: "/var/lib/jenkins"
 jenkins_username: jenkins
 jenkins_group: jenkins
-jenkins_shell: /bin/bash
+jenkins_shell: /usr/bin/nologin
 jenkins_slaves_via_ssh: True
-jenkins_maven_config: True
+
 # These should go away
 jenkins_maven_config: False
 jenkins_maven_settings_dirs:
  - .m2
--- a/jenkins/common/tasks/main.yml
+++ b/jenkins/common/tasks/main.yml
@ -1,4 +1,26 @@
 ---
 - block:
  - name: Create the ssh key on the master node
    user: name={{ jenkins_username }} generate_ssh_key=True 
    delegate_to: '{{ item }}'
    with_items: '{{ groups.jenkins_master }}'
  - name: Get the master ssh keys
    become: True
    become_user: '{{ jenkins_username }}'
    shell: cat ~/.ssh/id_rsa.pub
    register: jenkins_pubkeys
  - name: Deploy the public ssh key on the slaves
    authorized_key: user={{ jenkins_username }} key={{ item[0] }}
    delegate_to: '{{ item[1] }}'
    with_nested:
      - '{{ jenkins_pubkeys.stdout }}'
      - "{{ groups['jenkins_slaves'] }}"
  when: jenkins_slaves_via_ssh
  tags: [ 'jenkins', 'jenkins_common', 'jenkins_master', 'jenkins_slave', 'jenkins_slaves' ]
 - block:
    - name: Create the maven setting directory
      file: dest={{ jenkins_dest }}/{{ item }} state=directory
--- a/jenkins/master/defaults/main.yml
+++ b/jenkins/master/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-jenkins_install: False
+jenkins_install: True
 jenkins_use_latest: False
 jenkins_pkg_state: latest
 jenkins_repo_key: 'https://pkg.jenkins.io/debian/jenkins-ci.org.key'
@ -14,10 +14,41 @@ jenkins_rh_latest_repo_key: https://pkg.jenkins.io/redhat/jenkins.io.key
 jenkins_packages:
  - jenkins
-jenkins_package_requirements:
+jenkins_deb_package_requirements:
  - curl
  - python-svn
  - dblatex
  - imagemagick
  - graphviz
  - fonts-dejavu
  - dos2unix
  - build-essential
  - curl
  - fabric
  - git
  - git-svn
  - maven
  - python-dev
  - sloccount
  - subversion
  - subversion-tools
  - unzip
 jenkins_rh_package_requirements:
  - curl
  - dblatex
  - docbook-utils-pdf
  - texlive-cmap
  - ImageMagick
  - graphviz
  - graphviz-java
  - graphviz-graphs
  - dejavu-sans-fonts
  - dejavu-sans-mono-fonts
  - dejavu-serif-fonts
  - dejavu-fonts-common
  - dos2unix
 jenkins_stb_support: False
 jenkins_sbt_launch_jars:
  - sbt-launch-0.11.0.jar
  - sbt-launch-0.12.jar
@ -31,7 +62,8 @@ jenkins_webroot: /var/cache/jenkins/war
 jenkins_username: jenkins
 jenkins_group: jenkins
 jenkins_shell: /bin/bash
-jenkins_restart_delay: 60
+jenkins_restart_delay: 20
 jenkins_restart_wait_timeout: 600
 jenkins_admin_user: admin
 jenkins_jdk_xmx: 4096M
 jenkins_jdk_gc_opts: "-XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
@ -41,7 +73,7 @@ jenkins_java_path: /usr/bin/java
 jenkins_cli_dest: "{{ jenkins_dest }}/jenkins-cli.jar" # Jenkins CLI destination
 jenkins_updates_dest: "{{ jenkins_dest }}/updates_jenkins.json" # Jenkins updates file
-jenkins_admin_user_pwd_file: "{{ jenkins_dest }}/.jenkins_admin_pwd"
+jenkins_admin_user_pwd_file: "{{ jenkins_dest }}/secrets/.jenkins_admin_pwd"
 jenkins_access_params:
  url_username: '{{ jenkins_admin_user }}'
@ -56,6 +88,7 @@ jenkins_plugins:
  - { name: 'github-api', state: 'latest', dependencies: 'True' }
  - { name: 'global-build-stats', state: 'latest', dependencies: 'True' }
  - { name: 'mailer', state: 'latest', dependencies: 'True' }
  - { name: 'matrix-project', state: 'latest', dependencies: 'True' }
  - { name: 'maven-plugin', state: 'latest', dependencies: 'True' }
  - { name: 'monitoring', state: 'latest', dependencies: 'True' }
  - { name: 'extended-read-permission', state: 'latest', dependencies: 'True' }
@ -71,4 +104,4 @@ jenkins_plugins:
  - { name: 'jquery-ui', state: 'latest', dependencies: 'True' }
  - { name: 'parameterized-trigger', state: 'latest', dependencies: 'True' }
  - { name: 'javadoc', state: 'latest', dependencies: 'True' }
-  - { name: 'job-dsl-plugin', state: 'latest', dependencies: 'True' }
+  - { name: 'job-dsl', state: 'latest', dependencies: 'True' }
--- a/jenkins/master/tasks/jenkins_deb_pkgs.yml
+++ b/jenkins/master/tasks/jenkins_deb_pkgs.yml
@ -12,17 +12,16 @@
    when: jenkins_use_latest
  - name: Install jenkins
-    apt: pkg={{ item }} state={{ jenkins_pkg_state }} update_cache=yes cache_valid_time=3600
+    apt: pkg={{ jenkins_packages }} state={{ jenkins_pkg_state }} update_cache=yes cache_valid_time=3600
    register: jenkins_install
    with_items: '{{ jenkins_packages }}'
  - name: Install some jenkins requirements
-    apt: pkg={{ item }} state={{ jenkins_pkg_state }} update_cache=yes cache_valid_time=3600
+    apt: pkg={{ jenkins_deb_package_requirements }} state={{ jenkins_pkg_state }} update_cache=yes cache_valid_time=3600
    with_items: '{{ jenkins_package_requirements }}'
  - name: install sbt launcher
    copy: src={{ item }} dest=/usr/local/lib/{{ item }}
    with_items: '{{ jenkins_sbt_launch_jars }}'
    when: jenkins_stb_support
  - name: Set the startup jenkins options
    template: src=jenkins.default.j2 dest=/etc/default/jenkins owner=root group=root mode=0444
@ -45,8 +44,7 @@
      service: name=jenkins state=stopped enabled=no
    - name: Remove jenkins
-      apt: pkg={{ item }} state=absent
+      apt: pkg={{ jenkins_packages }} state=absent
      with_items: '{{ jenkins_packages }}'
    - name: Remove the jenkins stable repository
      apt_repository: repo='{{ jenkins_stable_repo }}' state=absent update_cache=yes
--- a/jenkins/master/tasks/jenkins_init.yml
+++ b/jenkins/master/tasks/jenkins_init.yml
@ -0,0 +1,18 @@
 ---
 - block:
  - name: Create the groovy directory
    file: dest={{ jenkins_dest }}/init.groovy.d state=directory
  - name: Install a groovy script to initialize the Jenkins system
    template: src=admin_user.groovy dest={{ jenkins_dest }}/init.groovy.d/admin_user.groovy mode=0600
    register: jenkins_must_be_restarted
  - name: Restart jenkins if needed
    become_user: root
    service: name=jenkins state=restarted
    when: jenkins_must_be_restarted is changed
  become: True
  become_user: '{{ jenkins_username }}'
  when: jenkins_install
  tags: [ 'jenkins', 'jenkins_master' ]
--- a/jenkins/master/tasks/jenkins_plugins.yml
+++ b/jenkins/master/tasks/jenkins_plugins.yml
@ -3,7 +3,7 @@
    # Handle plugins
    # If Jenkins is installed or updated, wait for pulling the Jenkins CLI, assuming 10s should be sufficiant
    - name: Wait for jenkins
-      wait_for: port={{ jenkins_http_port }} delay={{ jenkins_restart_delay }}
+      wait_for: port={{ jenkins_http_port }} delay={{ jenkins_restart_delay }} state=started timeout={{ jenkins_restart_wait_timeout }}
      when: jenkins_has_been_restarted is changed or jenkins_has_been_started is changed
    # Create Jenkins CLI destination directory
@ -13,6 +13,19 @@
    - name: Get Jenkins CLI
      get_url: url={{ jenkins_local_url}}/jnlpJars/jenkins-cli.jar dest={{ jenkins_cli_dest }} mode=0440
    # - name: Check if Jenkins has been initialized already
    #   stat: path={{ jenkins_admin_user_pwd_file }}
    #   register: jenkins_pwd_path
    # - name: Get the initial admin password, if we have to initialize the service
    #   shell: cat '{{ jenkins_dest }}/secrets/initialAdminPassword'
    #   register: jenkins_admin_pwd
    #   when: not jenkins_pwd_path.stat.exists
    # # Create the Jenkins administrative user password file
    # - name: Create the Jenkins administrative user password file
    #   copy: content={{ jenkins_admin_pwd.stdout }} dest={{ jenkins_admin_user_pwd_file }} mode=600
    # Create the Jenkins administrative user password file
    - name: Create the Jenkins administrative user password file
      copy: content={{ jenkins_admin_pwd }} dest={{ jenkins_admin_user_pwd_file }} mode=600
--- a/jenkins/master/tasks/jenkins_rh_pkgs.yml
+++ b/jenkins/master/tasks/jenkins_rh_pkgs.yml
@ -28,6 +28,9 @@
    yum: pkg={{ jenkins_packages }} state={{ jenkins_pkg_state }}
    register: jenkins_install
  - name: Install jenkins additional packages
    yum: pkg={{ jenkins_rh_package_requirements }} state={{ jenkins_pkg_state }}
  - name: Set the startup jenkins options
    template: src=jenkins.default.j2 dest=/etc/sysconfig/jenkins owner=root group=root mode=0444
    register: jenkins_must_be_restarted
--- a/jenkins/master/tasks/main.yml
+++ b/jenkins/master/tasks/main.yml
@ -5,6 +5,8 @@
 - import_tasks: jenkins_rh_pkgs.yml
  when: ansible_distribution_file_variety != "Debian"
 - import_tasks: jenkins_init.yml
 - import_tasks: jenkins_plugins.yml
  when: jenkins_install
--- a/jenkins/master/templates/admin_user.groovy
+++ b/jenkins/master/templates/admin_user.groovy
@ -0,0 +1,24 @@
 #!groovy
 import java.util.logging.Level
 import java.util.logging.Logger
 import hudson.security.*
 import jenkins.model.*
 def instance = Jenkins.getInstance()
 def logger = Logger.getLogger(Jenkins.class.getName())
 logger.log(Level.INFO, "Ensuring that local user '{{ jenkins_admin_user }}' is created.")
 if (!instance.isUseSecurity()) {
    logger.log(Level.INFO, "Creating local admin user '{{ jenkins_admin_user }}'.")
    def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
    strategy.setAllowAnonymousRead(false)
    def hudsonRealm = new HudsonPrivateSecurityRealm(false)
    hudsonRealm.createAccount("{{ jenkins_admin_user }}", "{{ jenkins_admin_pwd }}")
    instance.setSecurityRealm(hudsonRealm)
    instance.setAuthorizationStrategy(strategy)
    instance.save()
 }