library/roles/jenkins: Add slaves and common tasks. Fix some tasks in the master role.

jenkins/common/defaults/main.yml

@@ -0,0 +1,12 @@
+---
+# There are some duplicates here
+jenkins_dest: "/var/lib/jenkins"
+jenkins_username: jenkins
+jenkins_group: jenkins
+jenkins_shell: /bin/bash
+
+jenkins_maven_config: True
+jenkins_maven_settings_dirs:
+  - .m2
+
+jenkins_maven_settings_url: http://localhost/settings.xml

jenkins/common/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- block:
+    - name: Create the maven setting directory
+      file: dest={{ jenkins_dest }}/{{ item }} state=directory
+      with_items: '{{ jenkins_maven_settings_dirs }}'
+
+    - name: Fetch the maven settings template file
+      become: False
+      become_user: root
+      run_once: True
+      get_url: url={{ jenkins_maven_settings_url }} dest=/tmp/settings.xml.j2 force=yes
+      delegate_to: localhost
+
+    - name: Install the maven settings
+      template: src=/tmp/settings.xml.j2 dest={{ jenkins_dest }}/.m2/settings.xml
+
+  become: True
+  become_user: '{{ jenkins_username }}'
+  when: jenkins_maven_config
+  tags: [ 'jenkins', 'jenkins_common', 'jenkins_master', 'jenkins_slave' ]

jenkins/master/defaults/main.yml

@@ -74,3 +74,5 @@ jenkins_plugins:
     enabled: True
   build-pipeline-plugin:
     enabled: True
+  build-timeout-plugin:
+    enabled: True

jenkins/master/tasks/main.yml

@@ -32,14 +32,13 @@
       service: name=jenkins state=started enabled=yes
 
   when: jenkins_install
-  tags: jenkins
+  tags: [ 'jenkins', 'jenkins_master' ]
 
 - block:
     # Handle plugins
     # If Jenkins is installed or updated, wait for pulling the Jenkins CLI, assuming 10s should be sufficiant
     - name: 120 seconds delay while starting Jenkins
       wait_for: port={{ jenkins_http_port }} delay={{ jenkins_restart_delay }}
-      when: jenkins_install | changed
 
     # Create Jenkins CLI destination directory
     - name: "Create Jenkins CLI destination directory"
@@ -55,14 +54,14 @@
     - name: Install plugins without a specific version
       jenkins_plugin: name="{{ item.key }}" params='{{ jenkins_access_params }}'
       register: my_jenkins_plugin_unversioned
-      when: 'version' not in item.value
-      with_dict: jenkins_plugins
+      when: '"version" not in item.value'
+      with_dict: '{{ jenkins_plugins }}'
 
     - name: Install plugins with a specific version
       jenkins_plugin: name="{{ item.key }}" version="{{ item.value['version'] }}" params='{{ jenkins_access_params }}'
       register: my_jenkins_plugin_versioned
-      when: 'version' in item.value
-      with_dict: jenkins_plugins
+      when: '"version" in item.value'
+      with_dict: '{{ jenkins_plugins }}'
 
     - name: Initiate the jenkins_restart_required fact
       set_fact:
@@ -72,16 +71,17 @@
       set_fact:
         jenkins_restart_required: yes
       when: item.changed
-      with_items: my_jenkins_plugin_versioned.results
+      with_items: '{{ my_jenkins_plugin_versioned.results }}'
 
     - name: Check if restart is required by any of the unversioned plugins
       set_fact:
         jenkins_restart_required: yes
       when: item.changed
-      with_items: my_jenkins_plugin_unversioned.results
+      with_items: '{{ my_jenkins_plugin_unversioned.results }}'
 
     - name: Restart Jenkins if required
-      service: name=jenkins state= restarted
+      become_user: root
+      service: name=jenkins state=restarted
       when: jenkins_restart_required
 
     - name: Wait for Jenkins to start up
@@ -105,18 +105,18 @@
 
     - name: Plugin pinning
       jenkins_plugin: name="{{ item.key }}" state="{{ 'pinned' if item.value['pinned'] else 'unpinned'}}" params='{{ jenkins_access_params }}'
-      when: 'pinned' in item.value
-      with_dict: jenkins_plugins
+      when: '"pinned" in item.value'
+      with_dict: '{{ jenkins_plugins }}'
 
     - name: Plugin enabling
       jenkins_plugin: name="{{ item.key }}" state="{{ 'enabled' if item.value['enabled'] else 'disabled'}}" params='{{ jenkins_access_params }}'
-      when: 'enabled' in item.value
-      with_dict: jenkins_plugins
+      when: '"enabled" in item.value'
+      with_dict: '{{ jenkins_plugins }}'
 
   become: True
   become_user: '{{ jenkins_username }}'
   when: jenkins_install
-  tags: [ 'jenkins', 'jenkins_plugins' ]
+  tags: [ 'jenkins', 'jenkins_plugins', 'jenkins_master' ]
 
 - block:
     - name: Ensure that jenkins is stoppend and disabled
@@ -140,4 +140,4 @@
       apt_key: url='{{ jenkins_repo_key }}' state=absent
 
   when: not jenkins_install
-  tags: jenkins
+  tags: [ 'jenkins', 'jenkins_master' ]

jenkins/slave/defaults/main.yml

@@ -0,0 +1,10 @@
+---
+jenkins_slave: False
+# There are some duplicates here
+jenkins_dest: "/var/lib/jenkins"
+jenkins_username: jenkins
+jenkins_group: jenkins
+jenkins_shell: /bin/bash
+jenkins_tmp_retain_days: 5
+# TODO: fetch the public key from the master
+#jenkins_master_pubkey:

jenkins/slave/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+- block: 
+    - name: add the user that will run the jenkins jobs
+      user: name={{ jenkins_username }} home={{ jenkins_dest }} shell={{ jenkins_shell }} generate_ssh_key=yes
+
+    - name: ensure the jenkins master has ssh access on each slave, as jenkins user
+      authorized_key: user={{ jenkins_username }} key="{{ item }}" state=present
+      with_items:
+        - '{{ jenkins_master_pubkey }}'
+
+    - name: Daily cron job to cleanup the /tmp junk
+      template: src={{ item }}.j2 dest=/etc/cron.daily/{{ item }} owner=root group=root mode=0755
+      with_items:
+        - tmp-cleaner
+
+  when: jenkins_slave
+  tags: [ 'jenkins', 'jenkins_slave' ]

jenkins/slave/templates/tmp-cleaner.j2

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+RETAIN_DAYS={{ jenkins_tmp_retain_days }}
+LOG_FILE=/var/log/tmp-cleaner.log
+find /tmp/ -ctime +${RETAIN_DAYS} -exec rm -fr  {} \; >>$LOG_FILE 2>&1
+
+exit 0
+