Jenkins Integration (#1)

Removed Keepass info

Bugfix path

Adjusted KeepassDB path

Removed KeyFile var

Specified plugin path in ansible.cfg

Removed role mgrote.ansible from playbooks

Put Keepass lookup plugin into the repo

Removed role mgrote.ansible

Added playbook mgrote.ansible

Bugfix Jenkins plugins

test for jenkins

test for jenkins

Adjusted paths in ansible.cfg

Plugins and options

Port 80 --> 8080

Housekeeping

Java in playbook

geerlingguy.java as submodule

Vars ansible and pip

Role with become

Playbook and vars - WIP

Moved ACNG variables into GroupVars

added jenkins admin_name and admin_password to keepass

https://github.com/geerlingguy/ansible-role-jenkins as submodule

removed ceph and k8s

jenkins in inventory

Co-authored-by: Michael Grote <38253905+quotengrote@users.noreply.github.com>
Reviewed-on: mg/ansible#1
Michael Grote 2020-12-09 10:21:40 +01:00
parent 79521f8dd0
commit d1022a2485
19 changed files with 194 additions and 62 deletions

.gitmodules (vendored), 6 changes

@ -31,3 +31,9 @@
[submodule "roles/geerlingguy.dotfiles"]
path = roles/geerlingguy.dotfiles
url = https://github.com/geerlingguy/ansible-role-dotfiles
[submodule "roles/geerlingguy.jenkins"]
path = roles/geerlingguy.jenkins
url = https://github.com/geerlingguy/ansible-role-jenkins
[submodule "roles/geerlingguy.java"]
path = roles/geerlingguy.java
url = https://github.com/geerlingguy/ansible-role-java
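Review bot: the two new submodule entries point at upstream GitHub repositories with no `branch` key, so the only thing fixing their content is the Subproject commit recorded for each path further down in this change; note in the README (or a comment here) that a `git submodule update --remote` is a dependency bump to be reviewed like any other, and check that the two pinned commits correspond to tagged releases of ansible-role-jenkins and ansible-role-java, since both roles run on the Jenkins host with `become: true`.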

@ -1,9 +1,22 @@
[defaults]
inventory = ~/ansible
inventory = ./inventory
nocows = 1
retry_files_enabled = False
roles_path = ~/ansible/roles
vault_password_file = ~/ansible/vault-pass.yml
roles_path = ./roles
#action_plugins = /usr/share/ansible/plugins/action
#become_plugins = /usr/share/ansible/plugins/become
#cache_plugins = /usr/share/ansible/plugins/cache
#callback_plugins = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
lookup_plugins = ./plugins/lookup
#inventory_plugins = /usr/share/ansible/plugins/inventory
#vars_plugins = /usr/share/ansible/plugins/vars
#filter_plugins = /usr/share/ansible/plugins/filter
#test_plugins = /usr/share/ansible/plugins/test
#terminal_plugins = /usr/share/ansible/plugins/terminal
#strategy_plugins = /usr/share/ansible/plugins/strategy
[inventory]
[privilege_escalation]
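Review bot: `vault_password_file` is dropped from `[defaults]` while group_vars still carries `keepass_psw: !vault |`, so every run (the Jenkins job included) now has to supply the vault secret itself, via `--vault-id`, `--ask-vault-pass` or `ANSIBLE_VAULT_PASSWORD_FILE`; state that in the README or the job definition, otherwise the KeePass lookup fails on an undecryptable variable. The switch to relative paths (`./inventory`, `./roles`, `lookup_plugins = ./plugins/lookup`) only takes effect when this ansible.cfg is the one Ansible actually loads, i.e. the command runs from the repository root, and Ansible silently ignores an ansible.cfg that sits in a world-writable directory, which is worth checking for a shared Jenkins workspace.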

@ -8,3 +8,6 @@
- rule: allow
to_port: 9999
comment: 'acng'
### mgrote.acng
acng_server_port: 9999
apt_cacher_ng_exthreshold: "60" #hebt Pakete 60 Tage auf

@ -66,13 +66,12 @@
### python3
# https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html
ansible_python_interpreter: "/usr/bin/python3"
ansible_ssh_private_key_file: /home/mg/ansible/id_rsa_ansible_user
# Ansible Plugin Variablen
### Keepass
# https://github.com/viczem/ansible-keepass
# liegt unter /home/mg/ansible/.ansible/plugins/keepass.py
keepass_dbx: "/home/mg/ansible/keepass_db.kdbx"
# liegt unter ./plugins/lookup/keepass.py
keepass_dbx: "./keepass_db.kdbx"
keepass_psw: !vault |
$ANSIBLE_VAULT;1.1;AES256
62383737623066396239383336646164616537646630653964313532383130343533346561633039
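Review bot: `keepass_dbx: "./keepass_db.kdbx"` is resolved by the lookup plugin with `os.path.realpath(os.path.expanduser(...))`, i.e. relative to the working directory of the ansible-playbook process, not to the playbook or group_vars directory, so the lookup only finds the database when the command is started from the repository root; `ansible_ssh_private_key_file` a few lines up still points at `/home/mg/ansible/id_rsa_ansible_user`, which will not exist on the Jenkins host, so either make it relative in the same way or inject the key through the job's credential store. If keepass_db.kdbx is checked in next to ansible.cfg (the relative path suggests it), the vault-encrypted `keepass_psw` in the same repository means the vault password alone unlocks every entry in the database, which is acceptable only while that vault password lives outside the repo.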

@ -2,7 +2,6 @@
### geerlingguy.pip
pip_package: python3-pip
pip_install_packages:
# Specify names and versions.
- name: pykeepass
- name: Jinja2
- name: markupsafe
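Review bot: dropping the `# Specify names and versions.` reminder leaves `pykeepass`, `Jinja2` and `markupsafe` unpinned, so `geerlingguy.pip` installs whatever PyPI serves at run time, as root (`become: true`) into the system interpreter of the Jenkins host; add a `version:` to each item so the controller environment is reproducible across the test, staging and production hosts.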

group_vars/jenkins.yml, normal file, 30 changes

@ -0,0 +1,30 @@
---
### geerlingguy.jenkins
jenkins_package_state: latest
jenkins_http_port: 8080
jenkins_admin_username: "{{ lookup('keepass', 'jenkins_admin_name', 'password') }}"
jenkins_admin_password: "{{ lookup('keepass', 'jenkins_admin_password', 'password') }}"
# jenkins_plugins:
# - name: ansible
# - name: docker
jenkins_plugins_install_dependencies: true
jenkins_plugins_state: latest
jenkins_java_options: "-Djenkins.install.runSetupWizard=true"
### geerlingguy.pip
pip_package: python3-pip
pip_install_packages:
- name: pykeepass
- name: Jinja2
- name: markupsafe
### geerlingguy.ansible
ansible_install_method: pip
ansible_install_version_pip: '2.10'
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
- rule: allow
to_port: 8080
comment: 'jenkins'
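Review bot: `jenkins_package_state: latest` and `jenkins_plugins_state: latest` make every run pull the newest Jenkins and plugin versions, so a deploy is not reproducible between the test, staging and production hosts; pin versions, or at least restrict `latest` to the test group, and keep the `jenkins_plugins` list active rather than commented out if `jenkins_plugins_install_dependencies: true` is meant to do anything. `jenkins_java_options: "-Djenkins.install.runSetupWizard=true"` reverses the role's default of `false`; with the wizard enabled Jenkins waits for the initial admin password to be entered in the UI, which can collide with the admin user and CLI-based plugin handling the role performs, so confirm this is intended. The ufw rule opens 8080 to any source; if only a reverse proxy or the admin network needs it, add a `from_ip`.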

@ -15,6 +15,11 @@ all:
fileserver2.grote.lan:
fileserver-staging.grote.lan:
fileserver-test.grote.lan:
jenkins:
hosts:
jenkins.grote.lan:
jenkins-staging.grote.lan:
jenkins-test.grote.lan:
dns:
hosts:
pi.hole:
@ -53,20 +58,7 @@ all:
# qmk:
# hosts:
# qmk.grote.lan:
# ceph:
# hosts:
# ceph-1.grote.lan:
# ceph-2.grote.lan:
# ceph-3.grote.lan:
# ceph-4.grote.lan:
# ceph-5.grote.lan:
# ceph-6.grote.lan:
# ceph-7.grote.lan:
# k8s:
# hosts:
# k8s-1.grote.lan:
# k8s-2.grote.lan:
# k8s-3.grote.lan:
production:
@ -79,6 +71,7 @@ all:
ansible.grote.lan:
docker.grote.lan:
pve2.grote.lan:
jenkins.grote.lan:
staging:
hosts:
wireguard-staging.grote.lan:
@ -89,6 +82,7 @@ all:
ansible-staging.grote.lan:
docker-staging.grote.lan:
pve-staging.grote.lan:
jenkins-staging.grote.lan:
test:
hosts:
wireguard-test.grote.lan:
@ -101,3 +95,4 @@ all:
vm-test.grote.lan:
lxc-test.grote.lan:
pve-test.grote.lan:
jenkins-test.grote.lan:

Binary file not shown.

@ -2,7 +2,3 @@
- hosts: acng
roles:
- { role: mgrote.acng, tags: "acng" }
vars:
### mgrote.acng
acng_server_port: 9999
apt_cacher_ng_exthreshold: "60" #hebt Pakete 60 Tage auf

@ -3,4 +3,3 @@
roles:
- { role: geerlingguy.pip, tags: "pip", become: true }
- { role: geerlingguy.ansible, tags: "ansible", become: true }
- { role: mgrote.ansible, tags: "ansible-mg" }

@ -0,0 +1,7 @@
---
- hosts: jenkins
roles:
- { role: geerlingguy.pip, tags: "pip", become: true }
- { role: geerlingguy.ansible, tags: "ansible", become: true }
- { role: geerlingguy.java, tags: "java", become: true }
- { role: geerlingguy.jenkins, tags: "jenkins", become: true }

plugins/lookup/keepass.py, normal file, 119 changes

@ -0,0 +1,119 @@
# -*- coding: utf-8 -*-
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
try:
from __main__ import display
except ImportError:
from ansible.utils.display import Display
display = Display()
import os
import json
import socket
import tempfile
from pykeepass import PyKeePass
from construct.core import ChecksumError
from ansible.errors import AnsibleError
from ansible.plugins.lookup import LookupBase
DOCUMENTATION = """
lookup: keepass
author: Victor Zemtsov <victor.zemtsov@gmail.com>
version_added: '0.2'
short_description: fetch data from KeePass file
description:
- This lookup returns a value of a property of a KeePass entry
- which fetched by given path
options:
_terms:
description:
- first is a path to KeePass entry
- second is a property name of the entry, e.g. username or password
required: True
notes:
- https://github.com/viczem/ansible-keepass
example:
- "{{ lookup('keepass', 'path/to/entry', 'password') }}"
"""
class LookupModule(LookupBase):
keepass = None
def run(self, terms, variables=None, **kwargs):
if not terms or len(terms) < 2 or len(terms) > 3:
raise AnsibleError('Wrong request format')
entry_path = terms[0].strip('/')
entry_attr = terms[1]
enable_custom_attr = False
if len(terms) == 3:
enable_custom_attr = terms[2]
kp_dbx = variables.get('keepass_dbx', '')
kp_dbx = os.path.realpath(os.path.expanduser(kp_dbx))
if os.path.isfile(kp_dbx):
display.v(u"Keepass: database file %s" % kp_dbx)
kp_soc = "%s/ansible-keepass.sock" % tempfile.gettempdir()
if os.path.exists(kp_soc):
display.v(u"Keepass: fetch from socket")
return self._fetch_socket(kp_soc, entry_path, entry_attr)
kp_psw = variables.get('keepass_psw', '')
kp_key = variables.get('keepass_key')
display.v(u"Keepass: fetch from kdbx file")
return self._fetch_file(
kp_dbx, str(kp_psw), kp_key, entry_path, entry_attr, enable_custom_attr)
def _fetch_file(self, kp_dbx, kp_psw, kp_key, entry_path, entry_attr, enable_custom_attr):
if kp_key:
kp_key = os.path.realpath(os.path.expanduser(kp_key))
if os.path.isfile(kp_key):
display.vvv(u"Keepass: database keyfile: %s" % kp_key)
try:
if not LookupModule.keepass:
LookupModule.keepass = PyKeePass(kp_dbx, kp_psw, kp_key)
entry = LookupModule.keepass.\
find_entries_by_path(entry_path, first=True)
if entry is None:
raise AnsibleError(u"Entry '%s' is not found" % entry_path)
display.vv(
u"KeePass: attr: %s in path: %s" % (entry_attr, entry_path))
entry_val = None
if enable_custom_attr:
entry_val = entry.get_custom_property(entry_attr)
if entry_val is not None:
return [entry_val]
else:
raise AnsibleError(AttributeError(u"'No custom field property '%s'" % (entry_attr)))
else:
return [getattr(entry, entry_attr)]
except ChecksumError:
raise AnsibleError("Wrong password/keyfile {}".format(kp_dbx))
except (AttributeError, FileNotFoundError) as e:
raise AnsibleError(e)
def _fetch_socket(self, kp_soc, entry_path, entry_attr):
display.vvvv(u"KeePass: try to socket connect")
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
sock.connect(kp_soc)
display.vvvv(u"KeePass: connected")
sock.send(json.dumps({'attr': entry_attr, 'path': entry_path}).encode())
display.vv(u"KeePass: attr: %s in path: %s" % (entry_attr, entry_path))
try:
msg = json.loads(sock.recv(1024).decode())
except json.JSONDecodeError as e:
raise AnsibleError(str(e))
finally:
sock.close()
display.vvvv(u"KeePass: disconnected")
if msg['status'] == 'error':
raise AnsibleError(msg['text'])
return [msg['text']]
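Review bot: `_fetch_socket` connects to the fixed path `<tempdir>/ansible-keepass.sock` whenever such a file exists, without checking its owner or mode, and that path takes precedence over the kdbx file; in a shared `/tmp` (the Jenkins host, for instance) another local account could create that socket and answer lookups, and the plugin would hand the returned `text` straight into the play, so check `os.stat(kp_soc).st_uid == os.getuid()` (and refuse a world-writable parent directory) before connecting, or move the socket under a per-user directory. Two smaller points: `sock.recv(1024)` reads a single chunk, so a longer response (a multi-line custom field, a long password) ends in a bare JSON parse error instead of a truncation message, and `enable_custom_attr = terms[2]` keeps the raw term, so a string such as `'false'` is truthy. Since this is a vendored copy of viczem/ansible-keepass with only `version_added: '0.2'` in DOCUMENTATION, add a header comment with the upstream commit it was copied from so later bug-fix comparisons are possible.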

@ -0,0 +1 @@
Subproject commit 2091e47c2512415e9ccc84ba269a936e23cc9fc1

@ -0,0 +1 @@
Subproject commit 43ce4e4608030dd35fbeda0865d779a43e6d9cdb

@ -1,8 +0,0 @@
## mgrote.ansible
### Beschreibung
Installiert ansible und konfiguriert es damit "cowsay" nicht benutzt wird.
### Funktioniert auf
- [x] Ubuntu (>=18.04)
- [ ] Debian

@ -1,14 +0,0 @@
---
dependencies:
- role: geerlingguy.pip
galaxy_info:
author: mgrote
description: configures an ansible-host
min_ansible_version: 2.0
license: GPLv3
platforms:
- name: Ubuntu
versions:
- all
galaxy_tags:
- system

@ -1,14 +0,0 @@
# pykeepass wird durch geerlingguy.pip mit installiert
# https://github.com/viczem/ansible-keepass#readme
- name: create ~/.ansible/plugins/lookup
become: yes
ansible.builtin.file:
path: /home/mg/.ansible/plugins/lookup
state: directory
- name: Download keepass.py
become: yes
ansible.builtin.get_url:
url: https://raw.githubusercontent.com/viczem/ansible-keepass/master/keepass.py
dest: /home/mg/.ansible/plugins/lookup/keepass.py
backup: yes