ansible/configs/ansible-cicd-lab/README.adoc
@@ -14,7 +14,8 @@ - bastion - this is the host through which you can easily connect to all the other ones. - tower1 - the Ansible Tower server - cicd1 - The CI/CD server (or build and test host) with Jenkins and Gogs pre-installed - app1 and appdb1 - two "playground hosts * the Jenkins server is available under http://cicd1.GUID.example.opentlc.com:8080, the user is _admin_ (with the usual password) - app1 and appdb1 - two "playground" hosts You may connect to the bastion host using the credentials given to you (by e-mail or GUID grabber) and from there jump to the other servers. ansible/configs/ansible-cicd-lab/env_vars.yml
@@ -52,7 +52,7 @@ # This varialbe is no longer needed. ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem #ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem set_env_authorized_key: true @@ -251,3 +251,17 @@ cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer " ### variables necessary for Jenkins deployment java_packages: java-1.8.0-openjdk # newer Jenkins don't work with older versions jenkins_plugins: - git # Git Plugin - multiple-scms # Multiple SCMs Plugin - tap # Tap Plugin - conditional-buildstep # Conditional BuildStep Plugin - workflow-aggregator # Pipeline Plugin - parameterized-trigger # Parameterized Trigger Plugin - extended-choice-parameter # Extended Choice Parameter jenkins_plugin_timeout: 240 # Jenkins tends to run into timeout while installing plug-ins jenkins_admin_password: r3dh4t1! ansible/configs/ansible-cicd-lab/post_software.yml
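Review bot: `jenkins_admin_password: r3dh4t1!` in the second hunk commits the Jenkins admin credential to the repository in clear text, while the README hunk of this same commit tells lab users that Jenkins is served over plain HTTP on port 8080 with the `admin` account. post_software.yml already loads `env_secret_vars.yml` through `vars_files`, so the value can move there (or into a vault-encrypted file), leaving at most a pointer here such as `# jenkins_admin_password: set in env_secret_vars.yml`. Once the literal has been pushed it should be treated as disclosed and rotated in any environment that used it.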
@@ -10,7 +10,7 @@ - name: Configure all hosts with Repositories, Common Files and Set environment key hosts: - bastions[0] - cicd* become: true gather_facts: False vars_files: @@ -18,6 +18,10 @@ - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" tags: - install_ci_components pre_tasks: - name: gather ansible_os_family and ansible_distribution facts for Jenkins setup: filter: 'ansible_[od][si]*' roles: - { role: "{{ ANSIBLE_REPO_PATH }}/roles/host-gogs-server" } - { role: "{{ ANSIBLE_REPO_PATH }}/roles/host-jenkins-server" } ansible/configs/ansible-cicd-lab/requirements.yml
New file @@ -0,0 +1,5 @@ # Use with `ansible-galaxy install --force -r requirements.yml -p ../../roles/` # (only during development, not during installation) --- - src: geerlingguy.jenkins name: host-jenkins-server ansible/roles/geerlingguy.java/.gitignore
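Review bot: The `geerlingguy.jenkins` entry has no `version:`, so the `ansible-galaxy install --force` command in the header comment replaces the vendored role with whatever release is current on Galaxy at that moment. The copy committed here records `version: 3.5.0` in `meta/.galaxy_install_info`; adding `version: 3.5.0` under `src:` keeps a re-install reproducible and makes an upgrade an explicit, reviewable change. The role's dependency `geerlingguy.java` (vendored at 1.8.1 according to its own install info) is not listed at all and could be pinned the same way.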
New file @@ -0,0 +1,2 @@ *.retry tests/test.sh ansible/roles/geerlingguy.java/.travis.yml
New file @@ -0,0 +1,31 @@ --- services: docker env: - distro: centos7 - distro: centos6 - distro: fedora27 - distro: ubuntu1804 - distro: ubuntu1604 - distro: ubuntu1404 - distro: ubuntu1204 - distro: debian9 - distro: debian8 script: # Configure test script so we can run extra tests after playbook is run. - export container_id=$(date +%s) - export cleanup=false # Download test shim. - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/ - chmod +x ${PWD}/tests/test.sh # Run tests. - ${PWD}/tests/test.sh # Ensure Java is installed. - 'docker exec --tty ${container_id} env TERM=xterm which java' notifications: webhooks: https://galaxy.ansible.com/api/v1/notifications/ ansible/roles/geerlingguy.java/LICENSE
New file @@ -0,0 +1,20 @@ The MIT License (MIT) Copyright (c) 2017 Jeff Geerling Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ansible/roles/geerlingguy.java/README.md
New file @@ -0,0 +1,66 @@ # Ansible Role: Java [![Build Status](https://travis-ci.org/geerlingguy/ansible-role-java.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-java) Installs Java for RedHat/CentOS and Debian/Ubuntu linux servers. ## Requirements None. ## Role Variables Available variables are listed below, along with default values: # The defaults provided by this role are specific to each distribution. java_packages: - java-1.7.0-openjdk Set the version/development kit of Java to install, along with any other necessary Java packages. Some other options include are included in the distribution-specific files in this role's 'defaults' folder. java_home: "" If set, the role will set the global environment variable `JAVA_HOME` to this value. ## Dependencies None. ## Example Playbook (using default package, usually OpenJDK 7) - hosts: servers roles: - geerlingguy.java ## Example Playbook (install OpenJDK 8) For RHEL / CentOS: - hosts: server roles: - role: geerlingguy.java when: "ansible_os_family == 'RedHat'" java_packages: - java-1.8.0-openjdk For Ubuntu < 16.04: - hosts: server tasks: - name: installing repo for Java 8 in Ubuntu apt_repository: repo='ppa:openjdk-r/ppa' - hosts: server roles: - role: geerlingguy.java when: "ansible_os_family == 'Debian'" java_packages: - openjdk-8-jdk ## License MIT / BSD ## Author Information This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). ansible/roles/geerlingguy.java/defaults/main.yml
New file @@ -0,0 +1,6 @@ --- # Set java_packages if you would like to use a different version than the # default (OpenJDK 1.7). # java_packages: [] java_home: "" ansible/roles/geerlingguy.java/meta/.galaxy_install_info
New file @@ -0,0 +1 @@ {install_date: 'Tue Aug 21 09:40:24 2018', version: 1.8.1} ansible/roles/geerlingguy.java/meta/main.yml
New file @@ -0,0 +1,39 @@ --- dependencies: [] galaxy_info: author: geerlingguy description: Java for Linux company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" min_ansible_version: 2.4 platforms: - name: EL versions: - 6 - 7 - name: Fedora versions: - all - name: Debian versions: - wheezy - jessie - stretch - name: Ubuntu versions: - precise - trusty - xenial - bionic - name: FreeBSD versions: - 10.2 galaxy_tags: - development - system - web - java - jdk - openjdk - oracle ansible/roles/geerlingguy.java/tasks/main.yml
New file @@ -0,0 +1,37 @@ --- - name: Include OS-specific variables. include_vars: "{{ ansible_os_family }}.yml" when: - ansible_os_family != 'Debian' - ansible_distribution != 'Fedora' - name: Include OS-specific variables for Fedora. include_vars: "{{ ansible_distribution }}.yml" when: ansible_distribution == 'Fedora' - name: Include version-specific variables for Debian. include_vars: "{{ ansible_distribution|title }}-{{ ansible_distribution_version.split('.')[0] }}.yml" when: ansible_os_family == 'Debian' - name: Define java_packages. set_fact: java_packages: "{{ __java_packages | list }}" when: java_packages is not defined # Setup/install tasks. - include_tasks: setup-RedHat.yml when: ansible_os_family == 'RedHat' - include_tasks: setup-Debian.yml when: ansible_os_family == 'Debian' - include_tasks: setup-FreeBSD.yml when: ansible_os_family == 'FreeBSD' # Environment setup. - name: Set JAVA_HOME if configured. template: src: java_home.sh.j2 dest: /etc/profile.d/java_home.sh mode: 0644 when: java_home is defined and java_home != '' ansible/roles/geerlingguy.java/tasks/setup-Debian.yml
New file @@ -0,0 +1,4 @@ --- - name: Ensure Java is installed. apt: "name={{ item }} state=present" with_items: "{{ java_packages }}" ansible/roles/geerlingguy.java/tasks/setup-FreeBSD.yml
New file @@ -0,0 +1,10 @@ --- - name: Ensure Java is installed. pkgng: "name={{ item }} state=present" with_items: "{{ java_packages }}" - name: ensure proc is mounted mount: name=/proc fstype=procfs src=proc opts=rw state=mounted - name: ensure fdesc is mounted mount: name=/dev/fd fstype=fdescfs src=fdesc opts=rw state=mounted ansible/roles/geerlingguy.java/tasks/setup-RedHat.yml
New file @@ -0,0 +1,4 @@ --- - name: Ensure Java is installed. package: "name={{ item }} state=present" with_items: "{{ java_packages }}" ansible/roles/geerlingguy.java/templates/java_home.sh.j2
New file @@ -0,0 +1 @@ export JAVA_HOME={{ java_home }} ansible/roles/geerlingguy.java/tests/README.md
New file @@ -0,0 +1,11 @@ # Ansible Role tests To run the test playbook(s) in this directory: 1. Install and start Docker. 1. Download the test shim (see .travis.yml file for the URL) into `tests/test.sh`: - `wget -O tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/` 1. Make the test shim executable: `chmod +x tests/test.sh`. 1. Run (from the role root directory) `distro=[distro] playbook=[playbook] ./tests/test.sh` If you don't want the container to be automatically deleted after the test playbook is run, add the following environment variables: `cleanup=false container_id=$(date +%s)` ansible/roles/geerlingguy.java/tests/test.yml
New file @@ -0,0 +1,11 @@ --- - hosts: all pre_tasks: - name: Update apt cache. apt: update_cache=yes cache_valid_time=600 when: ansible_os_family == 'Debian' changed_when: false roles: - role_under_test ansible/roles/geerlingguy.java/vars/Debian-8.yml
New file @@ -0,0 +1,7 @@ --- # JDK version options include: # - java # - openjdk-6-jdk # - openjdk-7-jdk __java_packages: - openjdk-7-jdk ansible/roles/geerlingguy.java/vars/Debian-9.yml
New file @@ -0,0 +1,6 @@ --- # JDK version options include: # - java # - openjdk-8-jdk __java_packages: - openjdk-8-jdk ansible/roles/geerlingguy.java/vars/Fedora.yml
New file @@ -0,0 +1,6 @@ --- # JDK version options include: # - java # - java-1.8.0-openjdk __java_packages: - java-1.8.0-openjdk ansible/roles/geerlingguy.java/vars/FreeBSD.yml
New file @@ -0,0 +1,7 @@ --- # JDK version options for FreeBSD include: # - openjdk # - openjdk6 # - openjdk8 __java_packages: - openjdk ansible/roles/geerlingguy.java/vars/RedHat.yml
New file @@ -0,0 +1,7 @@ --- # JDK version options include: # - java # - java-1.6.0-openjdk # - java-1.7.0-openjdk __java_packages: - java-1.7.0-openjdk ansible/roles/geerlingguy.java/vars/Ubuntu-12.yml
New file @@ -0,0 +1,7 @@ --- # JDK version options include: # - java # - openjdk-6-jdk # - openjdk-7-jdk __java_packages: - openjdk-7-jdk ansible/roles/geerlingguy.java/vars/Ubuntu-14.yml
New file @@ -0,0 +1,7 @@ --- # JDK version options include: # - java # - openjdk-6-jdk # - openjdk-7-jdk __java_packages: - openjdk-7-jdk ansible/roles/geerlingguy.java/vars/Ubuntu-16.yml
New file @@ -0,0 +1,7 @@ --- # JDK version options include: # - java # - openjdk-8-jdk # - openjdk-9-jdk __java_packages: - openjdk-8-jdk ansible/roles/geerlingguy.java/vars/Ubuntu-18.yml
New file @@ -0,0 +1,6 @@ --- # JDK version options include: # - java # - openjdk-11-jdk __java_packages: - openjdk-11-jdk ansible/roles/host-jenkins-server/.gitignore
New file @@ -0,0 +1,2 @@ *.retry tests/test.sh ansible/roles/host-jenkins-server/.travis.yml
New file @@ -0,0 +1,88 @@ --- services: docker env: # tests/test.yml - distro: centos7 playbook: test.yml prefix: '' http_port: 8080 - distro: fedora27 site: test.yml prefix: '' http_port: 8080 - distro: ubuntu1604 playbook: test.yml prefix: '' http_port: 8080 - distro: ubuntu1404 playbook: test.yml prefix: '' http_port: 8080 - distro: debian8 playbook: test.yml prefix: '' http_port: 8080 # tests/test-http-port.yml - distro: ubuntu1604 playbook: test-http-port.yml prefix: '' http_port: 8081 # tests/test-prefix.yml - distro: ubuntu1604 playbook: test-prefix.yml prefix: jenkins http_port: 8080 # tests/test-jenkins-version.yml - distro: centos7 playbook: test-jenkins-version.yml prefix: '' http_port: 8080 - distro: ubuntu1604 playbook: test-jenkins-version.yml prefix: '' http_port: 8080 # tests/test-plugins.yml - distro: ubuntu1604 playbook: test-plugins.yml prefix: '' http_port: 8080 # tests/test-plugins-with-home.yml - distro: ubuntu1604 playbook: test-plugins-with-home.yml prefix: '' http_port: 8080 # tests/test-plugins-with-pinning.yml - distro: ubuntu1604 playbook: test-plugins-with-pinning.yml prefix: '' http_port: 8080 script: # Configure test script so we can run extra tests after playbook is run. - export container_id=$(date +%s) - export cleanup=false # Download test shim. - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/ - chmod +x ${PWD}/tests/test.sh # Run tests. - ${PWD}/tests/test.sh # Make sure Jenkins is running. - 'docker exec --tty ${container_id} env TERM=xterm curl http://localhost:$http_port/$prefix' after_failure: # Check what happened on systemd systems. - 'docker exec --tty ${container_id} env TERM=xterm systemctl -l status jenkins.service' - 'docker exec --tty ${container_id} env TERM=xterm journalctl -xe --no-pager' notifications: webhooks: https://galaxy.ansible.com/api/v1/notifications/ ansible/roles/host-jenkins-server/LICENSE
New file @@ -0,0 +1,20 @@ The MIT License (MIT) Copyright (c) 2017 Jeff Geerling Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ansible/roles/host-jenkins-server/README.md
@@ -1,38 +1,138 @@ Role Name ========= # Ansible Role: Jenkins CI A brief description of the role goes here. [![Build Status](https://travis-ci.org/geerlingguy/ansible-role-jenkins.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-jenkins) Requirements ------------ Installs Jenkins CI on RHEL/CentOS and Debian/Ubuntu servers. Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. ## Requirements Role Variables -------------- Requires `curl` to be installed on the server. Also, newer versions of Jenkins require Java 8+ (see the test playbooks inside the `tests/` directory for an example of how to use newer versions of Java for your OS). A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. ## Role Variables Dependencies ------------ Available variables are listed below, along with default values (see `defaults/main.yml`): A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. jenkins_package_state: present Example Playbook ---------------- The state of the `jenkins` package install. By default this role installs Jenkins but will not upgrade Jenkins (when using package-based installs). If you want to always update to the latest version, change this to `latest`. 
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: jenkins_hostname: localhost - hosts: servers roles: - { role: username.rolename, x: 42 } The system hostname; usually `localhost` works fine. This will be used during setup to communicate with the running Jenkins instance via HTTP requests. License ------- jenkins_home: /var/lib/jenkins BSD The Jenkins home directory which, amongst others, is being used for storing artifacts, workspaces and plugins. This variable allows you to override the default `/var/lib/jenkins` location. Author Information ------------------ jenkins_http_port: 8080 An optional section for the role authors to include contact information, or a website (HTML is not allowed). The HTTP port for Jenkins' web interface. jenkins_admin_username: admin jenkins_admin_password: admin Default admin account credentials which will be created the first time Jenkins is installed. jenkins_admin_password_file: "" Default admin password file which will be created the first time Jenkins is installed as /var/lib/jenkins/secrets/initialAdminPassword jenkins_admin_token: "" A Jenkins API token (generated after installation) for [authenticated scripted clients](https://wiki.jenkins-ci.org/display/JENKINS/Authenticating+scripted+clients). You can use the admin token instead of a username and password for more convenient scripted access to Jenkins (e.g. for plugin management through this role). jenkins_admin_token_file: "" A file (with full path) on the Jenkins server containing the admin token. If this variable is set in addition to the `jenkins_admin_token`, the contents of this file will overwrite the value of `jenkins_admin_token`. jenkins_jar_location: /opt/jenkins-cli.jar The location at which the `jenkins-cli.jar` jarfile will be kept. This is used for communicating with Jenkins via the CLI. jenkins_plugins: [] Jenkins plugins to be installed automatically during provisioning. 
jenkins_plugins_install_dependencies: yes Whether Jenkins plugins to be installed should also install any plugin dependencies. jenkins_plugins_state: present Use `latest` to ensure all plugins are running the most up-to-date version. jenkins_plugin_updates_expiration: 86400 Number of seconds after which a new copy of the update-center.json file is downloaded. Set it to 0 if no cache file should be used. jenkins_plugin_timeout: 30 The server connection timeout, in seconds, when installing Jenkins plugins. jenkins_version: "1.644" jenkins_pkg_url: "http://www.example.com" (Optional) Then Jenkins version can be pinned to any version available on `http://pkg.jenkins-ci.org/debian/` (Debian/Ubuntu) or `http://pkg.jenkins-ci.org/redhat/` (RHEL/CentOS). If the Jenkins version you need is not available in the default package URLs, you can override the URL with your own; set `jenkins_pkg_url` (_Note_: the role depends on the same naming convention that `http://pkg.jenkins-ci.org/` uses). jenkins_url_prefix: "" Used for setting a URL prefix for your Jenkins installation. The option is added as `--prefix={{ jenkins_url_prefix }}` to the Jenkins initialization `java` invocation, so you can access the installation at a path like `http://www.example.com{{ jenkins_url_prefix }}`. Make sure you start the prefix with a `/` (e.g. `/jenkins`). jenkins_connection_delay: 5 jenkins_connection_retries: 60 Amount of time and number of times to wait when connecting to Jenkins after initial startup, to verify that Jenkins is running. Total time to wait = `delay` * `retries`, so by default this role will wait up to 300 seconds before timing out. 
# For RedHat/CentOS (role default): jenkins_repo_url: http://pkg.jenkins-ci.org/redhat/jenkins.repo jenkins_repo_key_url: http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key # For Debian (role default): jenkins_repo_url: deb http://pkg.jenkins-ci.org/debian binary/ jenkins_repo_key_url: http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key This role will install the latest version of Jenkins by default (using the official repositories as listed above). You can override these variables (use the correct set for your platform) to install the current LTS version instead: # For RedHat/CentOS LTS: jenkins_repo_url: http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo jenkins_repo_key_url: http://pkg.jenkins-ci.org/redhat-stable/jenkins-ci.org.key # For Debian/Ubuntu LTS: jenkins_repo_url: deb http://pkg.jenkins-ci.org/debian-stable binary/ jenkins_repo_key_url: http://pkg.jenkins-ci.org/debian-stable/jenkins-ci.org.key It is also possible stop the repo file being added by setting `jenkins_repo_url = ''`. This is useful if, for example, you sign your own packages or run internal package management (e.g. Spacewalk). jenkins_java_options: "-Djenkins.install.runSetupWizard=false" Extra Java options for the Jenkins launch command configured in the init file can be set with the var `jenkins_java_options`. For example, if you want to configure the timezone Jenkins uses, add `-Dorg.apache.commons.jelly.tags.fmt.timeZone=America/New_York`. By default, the option to disable the Jenkins 2.0 setup wizard is added. jenkins_init_changes: - option: "JENKINS_ARGS" value: "--prefix={{ jenkins_url_prefix }}" - option: "JENKINS_JAVA_OPTIONS" value: "{{ jenkins_java_options }}" Changes made to the Jenkins init script; the default set of changes set the configured URL prefix and add in configured Java options for Jenkins' startup. You can add other option/value pairs if you need to set other options for the Jenkins init file. 
## Dependencies - geerlingguy.java ## Example Playbook ```yaml - hosts: jenkins vars: jenkins_hostname: jenkins.example.com roles: - role: geerlingguy.java - role: geerlingguy.jenkins become: true ``` ## License MIT (Expat) / BSD ## Author Information This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). ansible/roles/host-jenkins-server/defaults/main.yml
New file @@ -0,0 +1,38 @@ --- # Optional method of pinning a specific version of Jenkins and/or overriding the # default Jenkins packaging URL. # jenkins_version: "1.644" # jenkins_pkg_url: "https://www.example.com" # Change this to `latest` to update Jenkins if a newer version is available. jenkins_package_state: present jenkins_connection_delay: 5 jenkins_connection_retries: 60 jenkins_home: /var/lib/jenkins jenkins_hostname: localhost jenkins_http_port: 8080 jenkins_jar_location: /opt/jenkins-cli.jar jenkins_url_prefix: "" jenkins_java_options: "-Djenkins.install.runSetupWizard=false" jenkins_plugins: [] jenkins_plugins_state: present jenkins_plugin_updates_expiration: 86400 jenkins_plugin_timeout: 30 jenkins_plugins_install_dependencies: yes jenkins_admin_username: admin jenkins_admin_password: admin jenkins_admin_password_file: "" jenkins_admin_token: "" jenkins_admin_token_file: "" jenkins_process_user: jenkins jenkins_process_group: "{{ jenkins_process_user }}" jenkins_init_changes: - option: "JENKINS_ARGS" value: "--prefix={{ jenkins_url_prefix }}" - option: "{{ jenkins_java_options_env_var }}" value: "{{ jenkins_java_options }}" ansible/roles/host-jenkins-server/handlers/main.yml
New file @@ -0,0 +1,12 @@ --- - name: restart jenkins service: name=jenkins state=restarted - name: configure default users template: src: basic-security.groovy dest: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy" owner: "{{ jenkins_process_user }}" group: "{{ jenkins_process_group }}" mode: 0775 register: jenkins_users_config ansible/roles/host-jenkins-server/meta/.galaxy_install_info
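Review bot: The `configure default users` handler writes `basic-security.groovy` with `mode: 0775`, which makes the file readable by every local account and sets execute bits that a Groovy init script does not need. The template body is not part of this page, but going by the handler name it presumably carries the admin username and password, and it stays on disk until tasks/main.yml removes it after the first start. `mode: "0640"` should be enough for Jenkins to read it, since owner and group are already set to the Jenkins process user and group. Quoting the mode also avoids relying on YAML octal parsing.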
New file @@ -0,0 +1 @@ {install_date: 'Tue Aug 21 09:40:20 2018', version: 3.5.0} ansible/roles/host-jenkins-server/meta/main.yml
New file @@ -0,0 +1,29 @@ --- dependencies: - geerlingguy.java galaxy_info: author: geerlingguy description: Jenkins CI company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" min_ansible_version: 2.4 platforms: - name: EL versions: - 6 - 7 - name: Fedora versions: - all - name: Debian versions: - all - name: Ubuntu versions: - all galaxy_tags: - development - packaging - jenkins - ci ansible/roles/host-jenkins-server/tasks/main.yml
@@ -1,4 +1,60 @@ --- - name: Start host-gogs-server installer debug: msg: "Do the needful to deploy host-gogs-server" # Variable setup. - name: Include OS-Specific variables include_vars: "{{ ansible_os_family }}.yml" - name: Define jenkins_repo_url set_fact: jenkins_repo_url: "{{ __jenkins_repo_url }}" when: jenkins_repo_url is not defined - name: Define jenkins_repo_key_url set_fact: jenkins_repo_key_url: "{{ __jenkins_repo_key_url }}" when: jenkins_repo_key_url is not defined - name: Define jenkins_pkg_url set_fact: jenkins_pkg_url: "{{ __jenkins_pkg_url }}" when: jenkins_pkg_url is not defined # Setup/install tasks. - include_tasks: setup-RedHat.yml when: ansible_os_family == 'RedHat' - include_tasks: setup-Debian.yml when: ansible_os_family == 'Debian' # Configure Jenkins init settings. - include_tasks: settings.yml # Make sure Jenkins starts, then configure Jenkins. - name: Ensure Jenkins is started and runs on startup. service: name=jenkins state=started enabled=yes - name: Wait for Jenkins to start up before proceeding. shell: "curl -D - --silent --max-time 5 http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}/cli/" register: result until: (result.stdout.find("403 Forbidden") != -1) or (result.stdout.find("200 OK") != -1) and (result.stdout.find("Please wait while") == -1) retries: "{{ jenkins_connection_retries }}" delay: "{{ jenkins_connection_delay }}" changed_when: false check_mode: no - name: Get the jenkins-cli jarfile from the Jenkins server. get_url: url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}/jnlpJars/jenkins-cli.jar" dest: "{{ jenkins_jar_location }}" register: jarfile_get until: "'OK' in jarfile_get.msg or 'file already exists' in jarfile_get.msg" retries: 5 delay: 10 check_mode: no - name: Remove Jenkins security init scripts after first startup. file: path: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy" state: absent # Update Jenkins and install configured plugins. 
- include_tasks: plugins.yml ansible/roles/host-jenkins-server/tasks/plugins.yml
New file 
@@ -0,0 +1,72 @@ --- # jenkins_plugin module doesn't support password files. - name: Get Jenkins admin password from file. slurp: src: "{{ jenkins_admin_password_file }}" register: adminpasswordfile no_log: True when: jenkins_admin_password_file != "" - name: Set Jenkins admin password fact. set_fact: jenkins_admin_password: "{{ adminpasswordfile['stdout'] | default(jenkins_admin_password) }}" no_log: True - name: Get Jenkins admin token from file. slurp: src: "{{ jenkins_admin_token_file }}" register: admintokenfile no_log: True when: jenkins_admin_token_file != "" - name: Set Jenkins admin token fact. set_fact: jenkins_admin_token: "{{ admintokenfile['stdout'] | default(jenkins_admin_token) }}" no_log: True # Update Jenkins so that plugin updates don't fail. - name: Create update directory file: path: "{{ jenkins_home }}/updates" state: directory owner: jenkins group: jenkins - name: Download current plugin updates from Jenkins update site get_url: url: http://updates.jenkins-ci.org/update-center.json dest: "{{ jenkins_home}}/updates/default.json" owner: jenkins group: jenkins mode: 0440 - name: Remove first and last line from json file replace: path: "{{ jenkins_home }}/updates/default.json" regexp: "1d;$d" - name: Install Jenkins plugins using password. jenkins_plugin: name: "{{ item }}" jenkins_home: "{{ jenkins_home }}" url_username: "{{ jenkins_admin_username }}" url_password: "{{ jenkins_admin_password }}" state: "{{ jenkins_plugins_state }}" timeout: "{{ jenkins_plugin_timeout }}" updates_expiration: "{{ jenkins_plugin_updates_expiration }}" url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}" with_dependencies: "{{ jenkins_plugins_install_dependencies }}" with_items: "{{ jenkins_plugins }}" when: jenkins_admin_password != "" notify: restart jenkins - name: Install Jenkins plugins using token. 
jenkins_plugin: name: "{{ item }}" url_token: "{{ jenkins_admin_token }}" updates_expiration: "{{ jenkins_plugin_updates_expiration }}" url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}" with_dependencies: "{{ jenkins_plugins_install_dependencies }}" with_items: "{{ jenkins_plugins }}" when: jenkins_admin_token != "" notify: restart jenkins ansible/roles/host-jenkins-server/tasks/settings.yml
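Review bot: In `Set Jenkins admin password fact` (and the matching token task) the expression reads `adminpasswordfile['stdout']`, but `slurp` returns its data base64-encoded under `content`, so the lookup is always undefined and `default()` silently falls back to the inline variable. A configured password or token file is therefore never used. Decoding the registered result would make the file take effect, e.g. `jenkins_admin_password: "{{ (adminpasswordfile.content | b64decode | trim) if adminpasswordfile.content is defined else jenkins_admin_password }}"`. Separately, the update-center index is fetched from `http://updates.jenkins-ci.org/update-center.json` in clear text and written straight to `updates/default.json`; an `https://` URL would protect it in transit. The following `replace` task's `regexp: "1d;$d"` looks like a sed script rather than a regular expression, so it probably never matches.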
New file @@ -0,0 +1,56 @@ --- - name: Modify variables in init file lineinfile: dest: "{{ jenkins_init_file }}" insertafter: '^{{ item.option }}=' regexp: '^{{ item.option}}=\"\${{ item.option }} ' line: '{{ item.option }}="${{ item.option }} {{ item.value }}"' state: present with_items: "{{ jenkins_init_changes }}" register: jenkins_init_prefix - name: Set the Jenkins home directory lineinfile: dest: "{{ jenkins_init_file }}" regexp: '^JENKINS_HOME=.*' line: 'JENKINS_HOME={{ jenkins_home }}' register: jenkins_home_config - name: Immediately restart Jenkins on init config changes. service: name=jenkins state=restarted when: jenkins_init_prefix.changed - name: Set HTTP port in Jenkins config. lineinfile: backrefs: yes dest: "{{ jenkins_init_file }}" regexp: '^{{ jenkins_http_port_param }}=' line: '{{ jenkins_http_port_param }}={{ jenkins_http_port }}' register: jenkins_http_config - name: Ensure jenkins_home {{ jenkins_home }} exists file: path: "{{ jenkins_home }}" state: directory owner: jenkins group: jenkins mode: u+rwx follow: true - name: Create custom init scripts directory. file: path: "{{ jenkins_home }}/init.groovy.d" state: directory owner: "{{ jenkins_process_user }}" group: "{{ jenkins_process_group }}" mode: 0775 - name: Trigger handlers immediately in case Jenkins was installed meta: flush_handlers - name: Immediately restart Jenkins on http or user changes. service: name=jenkins state=restarted when: (jenkins_users_config is defined and jenkins_users_config.changed) or (jenkins_http_config is defined and jenkins_http_config.changed) or (jenkins_home_config is defined and jenkins_home_config.changed) ansible/roles/host-jenkins-server/tasks/setup-Debian.yml
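Review bot: `Create custom init scripts directory` sets `mode: 0775` on `{{ jenkins_home }}/init.groovy.d`, which leaves the directory group-writable and readable by every local user. Jenkins runs the scripts in that directory at startup, and the role's `basic-security.groovy` (presumably rendered there, since main.yml removes it from that path) embeds the admin password. The directory is better limited to the service account, for example `mode: "0750"`, quoted so the value is not subject to YAML integer parsing. `Ensure jenkins_home ... exists` uses `mode: u+rwx`, which only adds owner bits and leaves existing group/other permissions untouched; worth confirming that is intended.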
New file @@ -0,0 +1,44 @@ --- - name: Ensure dependencies are installed. apt: name: - curl - apt-transport-https state: present - name: Add Jenkins apt repository key. apt_key: url: "{{ jenkins_repo_key_url }}" state: present - name: Add Jenkins apt repository. apt_repository: repo: "{{ jenkins_repo_url }}" state: present update_cache: yes when: jenkins_repo_url != '' - name: Download specific Jenkins version. get_url: url: "{{ jenkins_pkg_url }}/jenkins_{{ jenkins_version }}_all.deb" dest: "/tmp/jenkins_{{ jenkins_version }}_all.deb" when: jenkins_version is defined - name: Check if we downloaded a specific version of Jenkins. stat: path: "/tmp/jenkins_{{ jenkins_version }}_all.deb" register: specific_version when: jenkins_version is defined - name: Install our specific version of Jenkins. apt: deb: "/tmp/jenkins_{{ jenkins_version }}_all.deb" state: present when: jenkins_version is defined and specific_version.stat.exists notify: configure default users - name: Ensure Jenkins is installed. apt: name: jenkins state: "{{ jenkins_package_state }}" notify: configure default users ansible/roles/host-jenkins-server/tasks/setup-RedHat.yml
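Review bot: `Download specific Jenkins version` saves the package to a fixed name under `/tmp` with no `checksum:`, and `Install our specific version of Jenkins` then installs that file with package-manager privileges. `get_url` does not re-download by default when the destination already exists, and a locally supplied `.deb` does not go through apt's repository signature check, so whatever sits at that path is what gets installed. Adding `checksum: "sha256:<expected digest for this jenkins_version>"` to the `get_url` task (which then also validates an existing file) and downloading into a root-owned directory instead of `/tmp` would close this. The same download-then-install pattern is in setup-RedHat.yml for the `.rpm`.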
New file @@ -0,0 +1,44 @@ --- - name: Ensure dependencies are installed. package: name: - curl - libselinux-python - initscripts state: present - name: Ensure Jenkins repo is installed. get_url: url: "{{ jenkins_repo_url }}" dest: /etc/yum.repos.d/jenkins.repo when: jenkins_repo_url != '' - name: Add Jenkins repo GPG key. rpm_key: state: present key: "{{ jenkins_repo_key_url }}" - name: Download specific Jenkins version. get_url: url: "{{ jenkins_pkg_url }}/jenkins-{{ jenkins_version }}-1.1.noarch.rpm" dest: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm" when: jenkins_version is defined - name: Check if we downloaded a specific version of Jenkins. stat: path: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm" register: specific_version when: jenkins_version is defined - name: Install our specific version of Jenkins. package: name: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm" state: present when: jenkins_version is defined and specific_version.stat.exists notify: configure default users - name: Ensure Jenkins is installed. package: name: jenkins state: "{{ jenkins_package_state }}" notify: configure default users ansible/roles/host-jenkins-server/templates/basic-security.groovy
New file @@ -0,0 +1,28 @@ #!groovy import hudson.security.* import jenkins.model.* def instance = Jenkins.getInstance() def hudsonRealm = new HudsonPrivateSecurityRealm(false) def users = hudsonRealm.getAllUsers() users_s = users.collect { it.toString() } // Create the admin user account if it doesn't already exist. if ("{{ jenkins_admin_username }}" in users_s) { println "Admin user already exists - updating password" def user = hudson.model.User.get('{{ jenkins_admin_username }}'); def password = hudson.security.HudsonPrivateSecurityRealm.Details.fromPlainPassword('{{ jenkins_admin_password }}') user.addProperty(password) user.save() } else { println "--> creating local admin user" hudsonRealm.createAccount('{{ jenkins_admin_username }}', '{{ jenkins_admin_password }}') instance.setSecurityRealm(hudsonRealm) def strategy = new FullControlOnceLoggedInAuthorizationStrategy() instance.setAuthorizationStrategy(strategy) instance.save() } ansible/roles/host-jenkins-server/tests/README.md
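Review bot: The template pastes `{{ jenkins_admin_password }}` and `{{ jenkins_admin_username }}` unescaped into Groovy string literals, so a value containing `'` or `\` breaks or changes the generated script. The double-quoted `"{{ jenkins_admin_username }}" in users_s` is also a GString, in which `$` would be interpolated. Because this script runs inside Jenkins at startup, the values should be escaped before rendering (backslash and quote at minimum) or read by the script from a file only the Jenkins user can read, with single quotes used consistently. The rendered file holds the admin password in clear text until it is removed, so the task that deploys it (not visible in this section) should set a restrictive mode such as `"0600"`.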
New file @@ -0,0 +1,11 @@ # Ansible Role tests To run the test playbook(s) in this directory: 1. Install and start Docker. 1. Download the test shim (see .travis.yml file for the URL) into `tests/test.sh`: - `wget -O tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/` 1. Make the test shim executable: `chmod +x tests/test.sh`. 1. Run (from the role root directory) `distro=[distro] playbook=[playbook] ./tests/test.sh` If you don't want the container to be automatically deleted after the test playbook is run, add the following environment variables: `cleanup=false container_id=$(date +%s)` ansible/roles/host-jenkins-server/tests/java-8.yml
New file @@ -0,0 +1,49 @@ --- # Ubuntu. - name: Add repository for OpenJDK 8 (Ubuntu 14). apt_repository: repo='ppa:openjdk-r/ppa' when: ansible_distribution == "Ubuntu" and ansible_distribution_version == "14.04" # Debian. - name: Enable Backports repository (Debian 8). apt_repository: repo: 'deb http://ftp.debian.org/debian {{ ansible_distribution_release }}-backports main' state: present filename: "{{ ansible_distribution_release }}_backports" when: ansible_distribution == "Debian" - name: Update apt cache. apt: update_cache=yes cache_valid_time=600 when: ansible_os_family == 'Debian' changed_when: false # See: http://unix.stackexchange.com/a/342469 - name: Install dependencies. apt: default_release: "{{ ansible_distribution_release }}-backports" name: - openjdk-8-jre-headless - ca-certificates-java state: present when: ansible_distribution == "Debian" # Red Hat. - name: Set the java_packages variable (RedHat). set_fact: java_packages: - java-1.8.0-openjdk when: ansible_os_family == 'RedHat' # Ubuntu. - name: Set the java_packages variable (Ubuntu). set_fact: java_packages: - openjdk-8-jdk when: ansible_distribution == 'Ubuntu' # Debian. - name: Set the java_packages variable (Debian). set_fact: java_packages: - openjdk-8-jdk when: ansible_distribution == 'Debian' ansible/roles/host-jenkins-server/tests/requirements.yml
New file @@ -0,0 +1,2 @@ --- - src: geerlingguy.java ansible/roles/host-jenkins-server/tests/test-http-port.yml
New file @@ -0,0 +1,12 @@ --- - hosts: all vars: jenkins_http_port: 8081 pre_tasks: - include_tasks: java-8.yml roles: - geerlingguy.java - role_under_test ansible/roles/host-jenkins-server/tests/test-jenkins-version.yml
New file @@ -0,0 +1,15 @@ --- - hosts: localhost vars: jenkins_version: 1.644 pre_tasks: - name: Update apt cache. apt: update_cache=yes cache_valid_time=600 when: ansible_os_family == 'Debian' changed_when: false roles: - geerlingguy.java - role_under_test ansible/roles/host-jenkins-server/tests/test-plugins-with-home.yml
New file @@ -0,0 +1,15 @@ --- - hosts: all vars: jenkins_plugins: - greenballs jenkins_home: /tmp/jenkins jenkins_plugin_timeout: 120 pre_tasks: - include_tasks: java-8.yml roles: - geerlingguy.java - role_under_test ansible/roles/host-jenkins-server/tests/test-plugins-with-pinning.yml
New file @@ -0,0 +1,14 @@ --- - hosts: all vars: jenkins_version: 2.60 jenkins_plugins: - ant pre_tasks: - include_tasks: java-8.yml roles: - geerlingguy.java - role_under_test ansible/roles/host-jenkins-server/tests/test-plugins.yml
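Review bot: `jenkins_version: 2.60` is an unquoted YAML float, so it loads as `2.6` and the role's download URL becomes `.../jenkins_2.6_all.deb` (or `jenkins-2.6-1.1.noarch.rpm`) instead of the 2.60 package. Version strings should be quoted: `jenkins_version: "2.60"`. test-jenkins-version.yml uses the same unquoted form (`1.644`), which happens to survive the round trip but should be quoted for consistency.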
New file @@ -0,0 +1,17 @@ --- - hosts: all vars: jenkins_plugins: - blueocean - ghprb - greenballs - workflow-aggregator jenkins_plugin_timeout: 120 pre_tasks: - include_tasks: java-8.yml roles: - geerlingguy.java - role_under_test ansible/roles/host-jenkins-server/tests/test-prefix.yml
New file @@ -0,0 +1,12 @@ --- - hosts: all vars: jenkins_url_prefix: /jenkins pre_tasks: - include_tasks: java-8.yml roles: - geerlingguy.java - role_under_test ansible/roles/host-jenkins-server/tests/test.yml
New file @@ -0,0 +1,9 @@ --- - hosts: all pre_tasks: - include_tasks: java-8.yml roles: - geerlingguy.java - role_under_test ansible/roles/host-jenkins-server/vars/Debian.yml
New file @@ -0,0 +1,7 @@ --- __jenkins_repo_url: deb https://pkg.jenkins.io/debian binary/ __jenkins_repo_key_url: https://pkg.jenkins.io/debian/jenkins.io.key __jenkins_pkg_url: https://pkg.jenkins.io/debian/binary jenkins_init_file: /etc/default/jenkins jenkins_http_port_param: HTTP_PORT jenkins_java_options_env_var: JAVA_ARGS ansible/roles/host-jenkins-server/vars/RedHat.yml
New file @@ -0,0 +1,7 @@ --- __jenkins_repo_url: https://pkg.jenkins.io/redhat/jenkins.repo __jenkins_repo_key_url: https://pkg.jenkins.io/redhat/jenkins.io.key __jenkins_pkg_url: https://pkg.jenkins.io/redhat jenkins_init_file: /etc/sysconfig/jenkins jenkins_http_port_param: JENKINS_PORT jenkins_java_options_env_var: JENKINS_JAVA_OPTIONS