Jenkins Integration (#1)

Keepass Info entfernt Bugfix-Pfad Pfad KeepassDB angepasst KeyFile Var entfernt Pluginpfad in ansible.cfg angegeben Rolle mgrote.ansible aus Playbooks entfernt Keepass-Lookup-Plugin in repo gepackt Rolle mgrote.ansible entfernt Playbook mgrote.ansible eingefügt Bugfix Jenkins-Plugins test für jenkins test für jenkins Pfade in ansible.cfg angepasst Plugins und Options Port 80 --> 8080 Housekeeping Java in Playbook geerlingguy.java als submodule Vars ansible und pip Rolle mit become Playbbok und Vars - WIP Variablen ACNG in GroupVars verschoben jenkins admin_name und admin_passwort hinzugefügt in keepass https://github.com/geerlingguy/ansible-role-jenkins als submodule ceph und k8s raus jenkins in inventory Co-authored-by: Michael Grote <38253905+quotengrote@users.noreply.github.com> Reviewed-on: mg/ansible#1
2020-12-09 10:21:40 +01:00 · 2020-12-09 10:21:40 +01:00 · d1022a2485
commit d1022a2485
parent 79521f8dd0
19 changed files with 194 additions and 62 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -31,3 +31,9 @@
 [submodule "roles/geerlingguy.dotfiles"]
 	path = roles/geerlingguy.dotfiles
 	url = https://github.com/geerlingguy/ansible-role-dotfiles
 [submodule "roles/geerlingguy.jenkins"]
 	path = roles/geerlingguy.jenkins
 	url = https://github.com/geerlingguy/ansible-role-jenkins
 [submodule "roles/geerlingguy.java"]
 	path = roles/geerlingguy.java
 	url = https://github.com/geerlingguy/ansible-role-java
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,9 +1,22 @@
 [defaults]
-inventory = ~/ansible
+inventory = ./inventory
 nocows = 1
 retry_files_enabled = False
-roles_path = ~/ansible/roles
+roles_path = ./roles
-vault_password_file = ~/ansible/vault-pass.yml
+
 #action_plugins     = /usr/share/ansible/plugins/action
 #become_plugins     = /usr/share/ansible/plugins/become
 #cache_plugins      = /usr/share/ansible/plugins/cache
 #callback_plugins   = /usr/share/ansible/plugins/callback
 #connection_plugins = /usr/share/ansible/plugins/connection
 lookup_plugins     = ./plugins/lookup
 #inventory_plugins  = /usr/share/ansible/plugins/inventory
 #vars_plugins       = /usr/share/ansible/plugins/vars
 #filter_plugins     = /usr/share/ansible/plugins/filter
 #test_plugins       = /usr/share/ansible/plugins/test
 #terminal_plugins   = /usr/share/ansible/plugins/terminal
 #strategy_plugins   = /usr/share/ansible/plugins/strategy
 [inventory]
 [privilege_escalation]
--- a/group_vars/acng.yml
+++ b/group_vars/acng.yml
@ -8,3 +8,6 @@
    - rule: allow
      to_port: 9999
      comment: 'acng'
  ### mgrote.acng
  acng_server_port: 9999
  apt_cacher_ng_exthreshold: "60" #hebt Pakete 60 Tage auf
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -66,13 +66,12 @@
  ### python3
  # https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html
  ansible_python_interpreter: "/usr/bin/python3"
  ansible_ssh_private_key_file: /home/mg/ansible/id_rsa_ansible_user
  # Ansible Plugin Variablen
  ### Keepass
  # https://github.com/viczem/ansible-keepass
-  # liegt unter /home/mg/ansible/.ansible/plugins/keepass.py
+  # liegt unter ./plugins/lookup/keepass.py
-  keepass_dbx: "/home/mg/ansible/keepass_db.kdbx"
+  keepass_dbx: "./keepass_db.kdbx"
  keepass_psw: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          62383737623066396239383336646164616537646630653964313532383130343533346561633039
--- a/group_vars/ansible.yml
+++ b/group_vars/ansible.yml
@ -2,7 +2,6 @@
  ### geerlingguy.pip
  pip_package: python3-pip
  pip_install_packages:
    # Specify names and versions.
    - name: pykeepass
    - name: Jinja2
    - name: markupsafe
--- a/group_vars/jenkins.yml
+++ b/group_vars/jenkins.yml
@ -0,0 +1,30 @@
 ---
  ### geerlingguy.jenkins
  jenkins_package_state: latest
  jenkins_http_port: 8080
  jenkins_admin_username: "{{ lookup('keepass', 'jenkins_admin_name', 'password') }}"
  jenkins_admin_password: "{{ lookup('keepass', 'jenkins_admin_password', 'password') }}"
 #  jenkins_plugins:
 #    - name: ansible
 #    - name: docker
  jenkins_plugins_install_dependencies: true
  jenkins_plugins_state: latest
  jenkins_java_options: "-Djenkins.install.runSetupWizard=true"
  ### geerlingguy.pip
  pip_package: python3-pip
  pip_install_packages:
    - name: pykeepass
    - name: Jinja2
    - name: markupsafe
  ### geerlingguy.ansible
  ansible_install_method: pip
  ansible_install_version_pip: '2.10'
  ### oefenweb.ufw
  ufw_rules:
    - rule: allow
      to_port: 22
      protocol: tcp
      comment: 'ssh'
    - rule: allow
      to_port: 8080
      comment: 'jenkins'
--- a/23
+++ b/23
@ -15,6 +15,11 @@ all:
        fileserver2.grote.lan:
        fileserver-staging.grote.lan:
        fileserver-test.grote.lan:
    jenkins:
      hosts:
        jenkins.grote.lan:
        jenkins-staging.grote.lan:
        jenkins-test.grote.lan:
    dns:
      hosts:
        pi.hole:
@ -53,20 +58,7 @@ all:
 #    qmk:
 #      hosts:
 #        qmk.grote.lan:
-#    ceph:
+
 #      hosts:
 #        ceph-1.grote.lan:
 #        ceph-2.grote.lan:
 #        ceph-3.grote.lan:
 #        ceph-4.grote.lan:
 #        ceph-5.grote.lan:
 #        ceph-6.grote.lan:
 #        ceph-7.grote.lan:
 #    k8s:
 #      hosts:
 #        k8s-1.grote.lan:
 #        k8s-2.grote.lan:
 #        k8s-3.grote.lan:
    production:
@ -79,6 +71,7 @@ all:
        ansible.grote.lan:
        docker.grote.lan:
        pve2.grote.lan:
        jenkins.grote.lan:
    staging:
      hosts:
        wireguard-staging.grote.lan:
@ -89,6 +82,7 @@ all:
        ansible-staging.grote.lan:
        docker-staging.grote.lan:
        pve-staging.grote.lan:
        jenkins-staging.grote.lan:
    test:
      hosts:
        wireguard-test.grote.lan:
@ -101,3 +95,4 @@ all:
        vm-test.grote.lan:
        lxc-test.grote.lan:
        pve-test.grote.lan:
        jenkins-test.grote.lan:
--- a/keepass_db.kdbx
+++ b/keepass_db.kdbx
--- a/playbooks/service/acng.yml
+++ b/playbooks/service/acng.yml
@ -2,7 +2,3 @@
 - hosts: acng
  roles:
    - { role: mgrote.acng, tags: "acng" }
  vars:
    ### mgrote.acng
    acng_server_port: 9999
    apt_cacher_ng_exthreshold: "60" #hebt Pakete 60 Tage auf
--- a/playbooks/service/ansible.yml
+++ b/playbooks/service/ansible.yml
@ -3,4 +3,3 @@
  roles:
    - { role: geerlingguy.pip, tags: "pip", become: true }
    - { role: geerlingguy.ansible, tags: "ansible", become: true }
    - { role: mgrote.ansible, tags: "ansible-mg" }
--- a/playbooks/service/jenkins.yml
+++ b/playbooks/service/jenkins.yml
@ -0,0 +1,7 @@
 ---
 - hosts: jenkins
  roles:
    - { role: geerlingguy.pip, tags: "pip", become: true }
    - { role: geerlingguy.ansible, tags: "ansible", become: true }
    - { role: geerlingguy.java, tags: "java", become: true }
    - { role: geerlingguy.jenkins, tags: "jenkins", become: true }
--- a/plugins/lookup/keepass.py
+++ b/plugins/lookup/keepass.py
@ -0,0 +1,119 @@
 # -*- coding: utf-8 -*-
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 try:
    from __main__ import display
 except ImportError:
    from ansible.utils.display import Display
    display = Display()
 import os
 import json
 import socket
 import tempfile
 from pykeepass import PyKeePass
 from construct.core import ChecksumError
 from ansible.errors import AnsibleError
 from ansible.plugins.lookup import LookupBase
 DOCUMENTATION = """
    lookup: keepass
    author: Victor Zemtsov <victor.zemtsov@gmail.com>
    version_added: '0.2'
    short_description: fetch data from KeePass file
    description:
        - This lookup returns a value of a property of a KeePass entry 
        - which fetched by given path
    options:
      _terms:
        description: 
          - first is a path to KeePass entry
          - second is a property name of the entry, e.g. username or password
        required: True
    notes:
      - https://github.com/viczem/ansible-keepass
    example:
      - "{{ lookup('keepass', 'path/to/entry', 'password') }}"
 """
 class LookupModule(LookupBase):
    keepass = None
    def run(self, terms, variables=None, **kwargs):
        if not terms or len(terms) < 2 or len(terms) > 3:
            raise AnsibleError('Wrong request format')
        entry_path = terms[0].strip('/')
        entry_attr = terms[1]
        enable_custom_attr = False
        if len(terms) == 3:
            enable_custom_attr = terms[2]
        kp_dbx = variables.get('keepass_dbx', '')
        kp_dbx = os.path.realpath(os.path.expanduser(kp_dbx))
        if os.path.isfile(kp_dbx):
            display.v(u"Keepass: database file %s" % kp_dbx)
        kp_soc = "%s/ansible-keepass.sock" % tempfile.gettempdir()
        if os.path.exists(kp_soc):
            display.v(u"Keepass: fetch from socket")
            return self._fetch_socket(kp_soc, entry_path, entry_attr)
        kp_psw = variables.get('keepass_psw', '')
        kp_key = variables.get('keepass_key')
        display.v(u"Keepass: fetch from kdbx file")
        return self._fetch_file(
            kp_dbx, str(kp_psw), kp_key, entry_path, entry_attr, enable_custom_attr)
    def _fetch_file(self, kp_dbx, kp_psw, kp_key, entry_path, entry_attr, enable_custom_attr):
        if kp_key:
            kp_key = os.path.realpath(os.path.expanduser(kp_key))
            if os.path.isfile(kp_key):
                display.vvv(u"Keepass: database keyfile: %s" % kp_key)
        try:
            if not LookupModule.keepass:
                LookupModule.keepass = PyKeePass(kp_dbx, kp_psw, kp_key)
            entry = LookupModule.keepass.\
                find_entries_by_path(entry_path, first=True)
            if entry is None:
                raise AnsibleError(u"Entry '%s' is not found" % entry_path)
            display.vv(
                u"KeePass: attr: %s in path: %s" % (entry_attr, entry_path))
            entry_val = None
            if enable_custom_attr:
                entry_val = entry.get_custom_property(entry_attr)
                if entry_val is not None:
                    return [entry_val]
                else:
                    raise AnsibleError(AttributeError(u"'No custom field property '%s'" % (entry_attr)))
            else:
                return [getattr(entry, entry_attr)]
        except ChecksumError:
            raise AnsibleError("Wrong password/keyfile {}".format(kp_dbx))
        except (AttributeError, FileNotFoundError) as e:
            raise AnsibleError(e)
    def _fetch_socket(self, kp_soc, entry_path, entry_attr):
        display.vvvv(u"KeePass: try to socket connect")
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.connect(kp_soc)
        display.vvvv(u"KeePass: connected")
        sock.send(json.dumps({'attr': entry_attr, 'path': entry_path}).encode())
        display.vv(u"KeePass: attr: %s in path: %s" % (entry_attr, entry_path))
        try:
            msg = json.loads(sock.recv(1024).decode())
        except json.JSONDecodeError as e:
            raise AnsibleError(str(e))
        finally:
            sock.close()
            display.vvvv(u"KeePass: disconnected")
        if msg['status'] == 'error':
            raise AnsibleError(msg['text'])
        return [msg['text']]
--- a/roles/geerlingguy.java
+++ b/roles/geerlingguy.java
@ -0,0 +1 @@
 Subproject commit 2091e47c2512415e9ccc84ba269a936e23cc9fc1
--- a/roles/geerlingguy.jenkins
+++ b/roles/geerlingguy.jenkins
@ -0,0 +1 @@
 Subproject commit 43ce4e4608030dd35fbeda0865d779a43e6d9cdb
--- a/roles/mgrote.ansible/README.md
+++ b/roles/mgrote.ansible/README.md
@ -1,8 +0,0 @@
 ## mgrote.ansible
 ### Beschreibung
 Installiert ansible und konfiguriert es damit "cowsay" nicht benutzt wird.
 ### Funktioniert auf
 - [x] Ubuntu (>=18.04)
 - [ ] Debian
--- a/roles/mgrote.ansible/defaults/main.yml
+++ b/roles/mgrote.ansible/defaults/main.yml
--- a/roles/mgrote.ansible/handlers/main.yml
+++ b/roles/mgrote.ansible/handlers/main.yml
--- a/roles/mgrote.ansible/meta/main.yml
+++ b/roles/mgrote.ansible/meta/main.yml
@ -1,14 +0,0 @@
 ---
 dependencies:
  - role: geerlingguy.pip
 galaxy_info:
  author: mgrote
  description: configures an ansible-host
  min_ansible_version: 2.0
  license: GPLv3
  platforms:
  - name: Ubuntu
    versions:
    - all
  galaxy_tags:
    - system
--- a/roles/mgrote.ansible/tasks/main.yml
+++ b/roles/mgrote.ansible/tasks/main.yml
@ -1,14 +0,0 @@
  # pykeepass wird durch geerlingguy.pip mit installiert
  # https://github.com/viczem/ansible-keepass#readme
  - name: create ~/.ansible/plugins/lookup
    become: yes
    ansible.builtin.file:
      path: /home/mg/.ansible/plugins/lookup
      state: directory
  - name: Download keepass.py
    become: yes
    ansible.builtin.get_url:
      url: https://raw.githubusercontent.com/viczem/ansible-keepass/master/keepass.py
      dest: /home/mg/.ansible/plugins/lookup/keepass.py
      backup: yes
		`@ -0,0 +1 @@`
							`Subproject commit 2091e47c2512415e9ccc84ba269a936e23cc9fc1`
		`@ -0,0 +1 @@`
							`Subproject commit 43ce4e4608030dd35fbeda0865d779a43e6d9cdb`