Various fixes to the jenkins playbook. No plugin can be installed before the initial jenkins configuration.

2019-01-24 18:29:09 +01:00 · 2019-01-24 18:29:09 +01:00 · edeca5608c
parent 48d5e03ea7
commit edeca5608c
7 changed files with 94 additions and 149 deletions
--- a/jenkins/master/defaults/main.yml
+++ b/jenkins/master/defaults/main.yml
@ -25,18 +25,19 @@ jenkins_sbt_launch_jars:

 jenkins_http_port: 8080
 jenkins_http_host: 127.0.0.1
-jenkins_local_url: 'http://{{ jenkins_http_host }}:{{ jenkins_http_port }}'
+jenkins_local_url: 'http://127.0.0.1:{{ jenkins_http_port }}'
 jenkins_dest: "/var/lib/jenkins"
 jenkins_webroot: /var/cache/jenkins/war
 jenkins_username: jenkins
 jenkins_group: jenkins
 jenkins_shell: /bin/bash
-jenkins_restart_delay: 120
-jenkins_admin_user: jenkins.admin
+jenkins_restart_delay: 60
+jenkins_admin_user: admin
 jenkins_jdk_xmx: 4096M
 jenkins_jdk_gc_opts: "-XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
 jenkins_ajp_port: -1
 jenkins_servlet_context: /
+jenkins_java_path: /usr/bin/java

 jenkins_cli_dest: "{{ jenkins_dest }}/jenkins-cli.jar" # Jenkins CLI destination
 jenkins_updates_dest: "{{ jenkins_dest }}/updates_jenkins.json" # Jenkins updates file
@ -48,41 +49,26 @@ jenkins_access_params:
  url: '{{ jenkins_local_url }}'

 jenkins_plugins:
-  chucknorris:
-    enabled: True
-  credentials:
-    enabled: True
-  disk-usage:
-    enabled: True
-  github:
-    enabled: True
-  github-api:
-    enabled: True
-  global-build-stats:
-    enabled: True
-  mailer:
-    enabled: True
-  maven-plugin:
-    enabled: True
-  monitoring:
-    enabled: True
-  extended-read-permission:
-    enabled: True
-  dependency-queue-plugin:
-    enabled: True
-  dependencyanalyzer:
-    enabled: True
-  depgraph-view:
-    enabled: True
-  progress-bar-column-plugin:
-    enabled: True
-  slave-utilization-plugin:
-    enabled: True
-  build-pipeline-plugin:
-    enabled: True
-  build-timeout-plugin:
-    enabled: True
-  embeddable-build-status:
-    enabled: True
-  github-branch-source:
-    enabled: True
+  - { name: 'chucknorris', state: 'latest', dependencies: 'True' }
+  - { name: 'credentials', state: 'latest', dependencies: 'True' }
+  - { name: 'disk-usage', state: 'latest', dependencies: 'True' }
+  - { name: 'github', state: 'latest', dependencies: 'True' }
+  - { name: 'github-api', state: 'latest', dependencies: 'True' }
+  - { name: 'global-build-stats', state: 'latest', dependencies: 'True' }
+  - { name: 'mailer', state: 'latest', dependencies: 'True' }
+  - { name: 'maven-plugin', state: 'latest', dependencies: 'True' }
+  - { name: 'monitoring', state: 'latest', dependencies: 'True' }
+  - { name: 'extended-read-permission', state: 'latest', dependencies: 'True' }
+  - { name: 'dependency-queue-plugin', state: 'latest', dependencies: 'True' }
+  - { name: 'dependencyanalyzer', state: 'latest', dependencies: 'True' }
+  - { name: 'depgraph-view', state: 'latest', dependencies: 'True' }
+  - { name: 'progress-bar-column-plugin', state: 'latest', dependencies: 'True' }
+  - { name: 'slave-utilization-plugin', state: 'latest', dependencies: 'True' }
+  - { name: 'build-pipeline-plugin', state: 'latest', dependencies: 'True' }
+  - { name: 'embeddable-build-status', state: 'latest', dependencies: 'True' }
+  - { name: 'github-branch-source', state: 'latest', dependencies: 'True' }
+  - { name: 'jquery', state: 'latest', dependencies: 'True' }
+  - { name: 'jquery-ui', state: 'latest', dependencies: 'True' }
+  - { name: 'parameterized-trigger', state: 'latest', dependencies: 'True' }
+  - { name: 'javadoc', state: 'latest', dependencies: 'True' }
+  - { name: 'job-dsl-plugin', state: 'latest', dependencies: 'True' }
--- a/jenkins/master/handlers/main.yml
+++ b/jenkins/master/handlers/main.yml
@ -1,28 +1,3 @@
 ---
- name: Update apt cache
-  apt: update_cache=yes
-
- name: Reload nginx
-  service: name=nginx state=reloaded
-
- name: Set permissions on the javadoc dir
-  raw: chown -R {{ jenkins.username }}:{{ jenkins.group }} {{ jenkins.dnet_javadoc_dir }}/
-
- name: Set permissions on the webroot public dir
-  raw: chown -R {{ jenkins.username }}:{{ jenkins.group }} {{ nginx.web_root }}/public/
-
- name: Start sonar
-  service: name=sonar state=started
-
- name: Stop sonar
-  service: name=sonar state=stopped
-
- name: Restart sonar
-  service: name=sonar state=restarted
-
 - name: Restart jenkins
  service: name=jenkins state=restarted
-
- name: Reload nginx
-  service: name=nginx state=reloaded
-
--- a/jenkins/master/tasks/jenkins_deb_pkgs.yml
+++ b/jenkins/master/tasks/jenkins_deb_pkgs.yml
@ -26,7 +26,16 @@

  - name: Set the startup jenkins options
    template: src=jenkins.default.j2 dest=/etc/default/jenkins owner=root group=root mode=0444
-    notify: Restart jenkins
+    register: jenkins_must_be_restarted
+
+  - name: Start and enable the Jenkins service
+    service: name=jenkins state=started enabled=yes
+    register: jenkins_has_been_started
+
+  - name: Restart jenkins if the configuration changed
+    service: name=jenkins state=restarted
+    when: jenkins_must_be_restarted is changed
+    register: jenkins_has_been_restarted

  when: jenkins_install
  tags: [ 'jenkins', 'jenkins_master' ]
--- a/jenkins/master/tasks/jenkins_plugins.yml
+++ b/jenkins/master/tasks/jenkins_plugins.yml
@ -2,81 +2,32 @@
 - block:
    # Handle plugins
    # If Jenkins is installed or updated, wait for pulling the Jenkins CLI, assuming 10s should be sufficiant
-    - name: 120 seconds delay while starting Jenkins
+    - name: Wait for jenkins
      wait_for: port={{ jenkins_http_port }} delay={{ jenkins_restart_delay }}
+      when: jenkins_has_been_restarted is changed or jenkins_has_been_started is changed

    # Create Jenkins CLI destination directory
    - name: "Create Jenkins CLI destination directory"
      file: path={{ jenkins_dest }} state=directory

    - name: Get Jenkins CLI
-      get_url: url=http://localhost:{{ jenkins_http_port }}/jnlpJars/jenkins-cli.jar dest={{ jenkins_cli_dest }} mode=0440
+      get_url: url={{ jenkins_local_url}}/jnlpJars/jenkins-cli.jar dest={{ jenkins_cli_dest }} mode=0440

    # Create the Jenkins administrative user password file
    - name: Create the Jenkins administrative user password file
      copy: content={{ jenkins_admin_pwd }} dest={{ jenkins_admin_user_pwd_file }} mode=600

    - name: Install plugins without a specific version
-      jenkins_plugin: name="{{ item.key }}" params='{{ jenkins_access_params }}'
-      register: my_jenkins_plugin_unversioned
-      when: '"version" not in item.value'
-      with_dict: '{{ jenkins_plugins }}'
+      jenkins_plugin: name="{{ item.name }}" state={{ item.state | default('latest') }} with_dependencies={{ item.dependencies | default(True) }} url={{ jenkins_local_url }} url_username={{ jenkins_access_params.url_username }} url_password={{ jenkins_access_params.url_password }} 
+      when: item.version is not defined
+      with_items: '{{ jenkins_plugins }}'
+      notify: Restart jenkins

    - name: Install plugins with a specific version
-      jenkins_plugin: name="{{ item.key }}" version="{{ item.value['version'] }}" params='{{ jenkins_access_params }}'
-      register: my_jenkins_plugin_versioned
-      when: '"version" in item.value'
-      with_dict: '{{ jenkins_plugins }}'
-
-    - name: Initiate the jenkins_restart_required fact
-      set_fact:
-        jenkins_restart_required: no
-
-    - name: Check if restart is required by any of the versioned plugins
-      set_fact:
-        jenkins_restart_required: yes
-      when: item is changed
-      with_items: '{{ my_jenkins_plugin_versioned.results }}'
-
-    - name: Check if restart is required by any of the unversioned plugins
-      set_fact:
-        jenkins_restart_required: yes
-      when: item is changed
-      with_items: '{{ my_jenkins_plugin_unversioned.results }}'
-
-    - name: Restart Jenkins if required
-      become_user: root
-      service: name=jenkins state=restarted
-      when: jenkins_restart_required
-
-    - name: Wait for Jenkins to start up
-      uri:
-        url: '{{ jenkins_local_url }}'
-        status_code: 200
-        timeout: 5
-      register: jenkins_service_status
-      # Keep trying for 5 mins in 5 sec intervals
-      retries: 60
-      delay: 5
-      until: >
-         'status' in jenkins_service_status and
-         jenkins_service_status['status'] == 200
-      when: jenkins_restart_required
-
-    - name: Reset the jenkins_restart_required fact
-      set_fact:
-        jenkins_restart_required: no
-      when: jenkins_restart_required
-
-    - name: Plugin pinning
-      jenkins_plugin: name="{{ item.key }}" state="{{ 'pinned' if item.value['pinned'] else 'unpinned'}}" params='{{ jenkins_access_params }}'
-      when: '"pinned" in item.value'
-      with_dict: '{{ jenkins_plugins }}'
-
-    - name: Plugin enabling
-      jenkins_plugin: name="{{ item.key }}" state="{{ 'enabled' if item.value['enabled'] else 'disabled'}}" params='{{ jenkins_access_params }}'
-      when: '"enabled" in item.value'
-      with_dict: '{{ jenkins_plugins }}'
+      jenkins_plugin: name="{{ item.name }}" state={{ item.state | default('latest') }} version='{{ item.version }}' url={{ jenkins_local_url }} url_username={{ jenkins_access_params.url_username }} url_password={{ jenkins_access_params.url_password }} 
+      when: item.version is defined
+      with_items: '{{ jenkins_plugins }}'
+      notify: Restart jenkins

  become: True
  become_user: '{{ jenkins_username }}'
--- a/jenkins/master/tasks/jenkins_rh_pkgs.yml
+++ b/jenkins/master/tasks/jenkins_rh_pkgs.yml
@ -5,10 +5,10 @@
      name: Jenkins
      description: Jenkins stable repository
      file: jenkins
-      baseurl: {{ jenkins_rh_stable_repo}}
+      baseurl: '{{ jenkins_rh_stable_repo}}'
      enabled: yes
      gpgcheck: True
-      gpgkey: {{ jenkins_rh_stable_repo_key }}
+      gpgkey: '{{ jenkins_rh_stable_repo_key }}'
      state: present
    when: not jenkins_use_latest

@ -17,10 +17,10 @@
      name: Jenkins
      description: Jenkins latest repository
      file: jenkins
-      baseurl: {{ jenkins_rh_latest_repo}}
+      baseurl: '{{ jenkins_rh_latest_repo}}'
      enabled: yes
      gpgcheck: True
-      gpgkey: {{ jenkins_rh_latest_repo_key }}
+      gpgkey: '{{ jenkins_rh_latest_repo_key }}'
      state: present
    when: jenkins_use_latest

@ -28,13 +28,23 @@
    yum: pkg={{ jenkins_packages }} state={{ jenkins_pkg_state }}
    register: jenkins_install

+  - name: Set the startup jenkins options
+    template: src=jenkins.default.j2 dest=/etc/sysconfig/jenkins owner=root group=root mode=0444
+    register: jenkins_must_be_restarted
+
+  - name: Start and enable the Jenkins service
+    service: name=jenkins state=started enabled=yes
+    register: jenkins_has_been_started
+
+  - name: Restart jenkins if the configuration changed
+    service: name=jenkins state=restarted
+    when: jenkins_must_be_restarted is changed
+    register: jenkins_has_been_restarted
+
  when: jenkins_install
  tags: [ 'jenkins', 'jenkins_master' ]

 - block:
-    - name: Ensure that jenkins is stoppend and disabled
-      service: name=jenkins state=stopped enabled=no
-
    - name: Remove jenkins
      yum: pkg={{ jenkins_packages }} state=absent

@ -46,3 +56,4 @@

  when: not jenkins_install
  tags: [ 'jenkins', 'jenkins_master' ]
+
--- a/jenkins/master/tasks/main.yml
+++ b/jenkins/master/tasks/main.yml
@ -3,7 +3,7 @@
  when: ansible_distribution_file_variety == "Debian"

 - import_tasks: jenkins_rh_pkgs.yml
-  when: ansible_distribution_file_variety == "RedHat"
+  when: ansible_distribution_file_variety != "Debian"

 - import_tasks: jenkins_plugins.yml
  when: jenkins_install
--- a/jenkins/master/templates/jenkins.default.j2
+++ b/jenkins/master/templates/jenkins.default.j2
@ -1,15 +1,18 @@
-# defaults for jenkins continuous integration server
-
 # pulled in from the init script; makes things easier.
 NAME=jenkins

-# location of java
-JAVA=/usr/bin/java
+# Java executable to run Jenkins
+# When left empty, we'll try to find the suitable Java.
+#
+JENKINS_JAVA_CMD="{{ jenkins_java_path }}"

 # arguments to pass to java
 JAVA_ARGS="-server -Djava.awt.headless=true -Xmx{{ jenkins_jdk_xmx }}"
 JAVA_ARGS="-Djava.net.preferIPv4Stack=true $JAVA_ARGS" # make jenkins listen on IPv4 address
 JAVA_ARGS="$JAVA_ARGS {{ jenkins_jdk_gc_opts }}"
+JAVA_ARGS="$JAVA_ARGS -Djenkins.install.runSetupWizard=false"
+
+JENKINS_JAVA_OPTIONS="$JAVA_ARGS"

 PIDFILE=/var/run/jenkins/jenkins.pid

@ -17,7 +20,11 @@ PIDFILE=/var/run/jenkins/jenkins.pid
 JENKINS_USER={{ jenkins_username }}

 # location of the jenkins war file
+{% if ansible_distribution_file_variety == "Debian" %}
 JENKINS_WAR=/usr/share/jenkins/jenkins.war
+{% else %}
+JENKINS_WAR=/usr/lib/jenkins/jenkins.war
+{% endif %}

 # jenkins home location
 JENKINS_HOME={{ jenkins_dest }}
@ -30,6 +37,10 @@ RUN_STANDALONE=true
 # log location.  this may be a syslog facility.priority
 JENKINS_LOG=/var/log/jenkins/$NAME.log
 #HUDSON_LOG=daemon.info
+JENKINS_DEBUG_LEVEL="5"
+JENKINS_ENABLE_ACCESS_LOG="no"
+JENKINS_HANDLER_MAX="100"
+JENKINS_HANDLER_IDLE="20"

 # OS LIMITS SETUP
 #   comment this out to observe /etc/security/limits.conf
@ -39,24 +50,26 @@ JENKINS_LOG=/var/log/jenkins/$NAME.log
 MAXOPENFILES=8192

 HTTP_HOST={{ jenkins_http_host }}
+JENKINS_LISTEN_ADDRESS="${HTTP_HOST}"

 # port for HTTP connector (default 8080; disable with -1)
 HTTP_PORT={{ jenkins_http_port }}
+JENKINS_PORT="${HTTP_PORT}"

 # port for AJP connector (disabled by default)
 AJP_PORT={{ jenkins_ajp_port }}

+JENKINS_HTTPS_PORT=""
+JENKINS_HTTPS_KEYSTORE=""
+JENKINS_HTTPS_KEYSTORE_PASSWORD=""
+JENKINS_HTTPS_LISTEN_ADDRESS=""
+
 # servlet context, important if you want to use apache proxying  
 PREFIX=/{{ jenkins_servlet_context }}

-# arguments to pass to jenkins.
-# --javahome=$JAVA_HOME
-# --httpPort=$HTTP_PORT (default 8080; disable with -1)
-# --httpsPort=$HTTP_PORT
-# --ajp13Port=$AJP_PORT
-# --argumentsRealm.passwd.$ADMIN_USER=[password]
-# --argumentsRealm.$ADMIN_USER=admin
-# --webroot=~/.jenkins/war
-# --prefix=$PREFIX
-
+{% if ansible_distribution_file_variety == "Debian" %}
 JENKINS_ARGS="--webroot={{ jenkins_webroot }} --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT --httpListenAddress=$HTTP_HOST"
+{% else %}
+JENKINS_ARGS=""
+{% endif %}
+