Jenkins Integration (#1)
Keepass Info entfernt Bugfix-Pfad Pfad KeepassDB angepasst KeyFile Var entfernt Pluginpfad in ansible.cfg angegeben Rolle mgrote.ansible aus Playbooks entfernt Keepass-Lookup-Plugin in repo gepackt Rolle mgrote.ansible entfernt Playbook mgrote.ansible eingefügt Bugfix Jenkins-Plugins test für jenkins test für jenkins Pfade in ansible.cfg angepasst Plugins und Options Port 80 --> 8080 Housekeeping Java in Playbook geerlingguy.java als submodule Vars ansible und pip Rolle mit become Playbook und Vars - WIP Variablen ACNG in GroupVars verschoben jenkins admin_name und admin_passwort hinzugefügt in keepass https://github.com/geerlingguy/ansible-role-jenkins als submodule ceph und k8s raus jenkins in inventory Co-authored-by: Michael Grote <38253905+quotengrote@users.noreply.github.com> Reviewed-on: mg/ansible#1
This commit is contained in:
parent
79521f8dd0
commit
d1022a2485
19 changed files with 194 additions and 62 deletions
6
.gitmodules
vendored
6
.gitmodules
vendored
|
@ -31,3 +31,9 @@
|
|||
[submodule "roles/geerlingguy.dotfiles"]
|
||||
path = roles/geerlingguy.dotfiles
|
||||
url = https://github.com/geerlingguy/ansible-role-dotfiles
|
||||
[submodule "roles/geerlingguy.jenkins"]
|
||||
path = roles/geerlingguy.jenkins
|
||||
url = https://github.com/geerlingguy/ansible-role-jenkins
|
||||
[submodule "roles/geerlingguy.java"]
|
||||
path = roles/geerlingguy.java
|
||||
url = https://github.com/geerlingguy/ansible-role-java
|
||||
|
|
19
ansible.cfg
19
ansible.cfg
|
@ -1,9 +1,22 @@
|
|||
[defaults]
|
||||
inventory = ~/ansible
|
||||
inventory = ./inventory
|
||||
nocows = 1
|
||||
retry_files_enabled = False
|
||||
roles_path = ~/ansible/roles
|
||||
vault_password_file = ~/ansible/vault-pass.yml
|
||||
roles_path = ./roles
|
||||
|
||||
#action_plugins = /usr/share/ansible/plugins/action
|
||||
#become_plugins = /usr/share/ansible/plugins/become
|
||||
#cache_plugins = /usr/share/ansible/plugins/cache
|
||||
#callback_plugins = /usr/share/ansible/plugins/callback
|
||||
#connection_plugins = /usr/share/ansible/plugins/connection
|
||||
lookup_plugins = ./plugins/lookup
|
||||
#inventory_plugins = /usr/share/ansible/plugins/inventory
|
||||
#vars_plugins = /usr/share/ansible/plugins/vars
|
||||
#filter_plugins = /usr/share/ansible/plugins/filter
|
||||
#test_plugins = /usr/share/ansible/plugins/test
|
||||
#terminal_plugins = /usr/share/ansible/plugins/terminal
|
||||
#strategy_plugins = /usr/share/ansible/plugins/strategy
|
||||
|
||||
[inventory]
|
||||
|
||||
[privilege_escalation]
|
||||
|
|
|
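Review bot: `vault_password_file = ~/ansible/vault-pass.yml` appears to be dropped with no replacement while `keepass_psw` in group_vars stays `!vault`-encrypted, so every run — including the Jenkins jobs this commit prepares for — now has to supply the vault password another way (`--ask-vault-pass`, `--vault-password-file` or `ANSIBLE_VAULT_PASSWORD_FILE`); a one-line comment in `[defaults]` such as `# vault password is supplied per run, see README` would save the next person a failed run. Since the KeePass database itself is committed in this commit (`keepass_db.kdbx`) and its master password is only vault-encrypted in group_vars, the vault password becomes the single secret guarding every credential the lookup serves, so on the Jenkins side it should be injected as a stored credential rather than written into the workspace or the job definition. The `lookup_plugins = ./plugins/lookup` line is what makes the vendored `plugins/lookup/keepass.py` load, which is worth stating in the comment as well.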
@ -8,3 +8,6 @@
|
|||
- rule: allow
|
||||
to_port: 9999
|
||||
comment: 'acng'
|
||||
### mgrote.acng
|
||||
acng_server_port: 9999
|
||||
apt_cacher_ng_exthreshold: "60" #hebt Pakete 60 Tage auf
|
||||
|
|
|
@ -66,13 +66,12 @@
|
|||
### python3
|
||||
# https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html
|
||||
ansible_python_interpreter: "/usr/bin/python3"
|
||||
ansible_ssh_private_key_file: /home/mg/ansible/id_rsa_ansible_user
|
||||
|
||||
# Ansible Plugin Variablen
|
||||
### Keepass
|
||||
# https://github.com/viczem/ansible-keepass
|
||||
# liegt unter /home/mg/ansible/.ansible/plugins/keepass.py
|
||||
keepass_dbx: "/home/mg/ansible/keepass_db.kdbx"
|
||||
# liegt unter ./plugins/lookup/keepass.py
|
||||
keepass_dbx: "./keepass_db.kdbx"
|
||||
keepass_psw: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
62383737623066396239383336646164616537646630653964313532383130343533346561633039
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
### geerlingguy.pip
|
||||
pip_package: python3-pip
|
||||
pip_install_packages:
|
||||
# Specify names and versions.
|
||||
- name: pykeepass
|
||||
- name: Jinja2
|
||||
- name: markupsafe
|
||||
|
|
30
group_vars/jenkins.yml
Normal file
30
group_vars/jenkins.yml
Normal file
|
@ -0,0 +1,30 @@
|
|||
---
|
||||
### geerlingguy.jenkins
|
||||
jenkins_package_state: latest
|
||||
jenkins_http_port: 8080
|
||||
jenkins_admin_username: "{{ lookup('keepass', 'jenkins_admin_name', 'password') }}"
|
||||
jenkins_admin_password: "{{ lookup('keepass', 'jenkins_admin_password', 'password') }}"
|
||||
# jenkins_plugins:
|
||||
# - name: ansible
|
||||
# - name: docker
|
||||
jenkins_plugins_install_dependencies: true
|
||||
jenkins_plugins_state: latest
|
||||
jenkins_java_options: "-Djenkins.install.runSetupWizard=true"
|
||||
### geerlingguy.pip
|
||||
pip_package: python3-pip
|
||||
pip_install_packages:
|
||||
- name: pykeepass
|
||||
- name: Jinja2
|
||||
- name: markupsafe
|
||||
### geerlingguy.ansible
|
||||
ansible_install_method: pip
|
||||
ansible_install_version_pip: '2.10'
|
||||
### oefenweb.ufw
|
||||
ufw_rules:
|
||||
- rule: allow
|
||||
to_port: 22
|
||||
protocol: tcp
|
||||
comment: 'ssh'
|
||||
- rule: allow
|
||||
to_port: 8080
|
||||
comment: 'jenkins'
|
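Review bot: The ufw rule for port 8080 omits the `protocol: tcp` that the ssh rule above it carries, so absent a protocol it covers tcp and udp and admits any source; `protocol: tcp` should be added, and because this is the plain-HTTP port the admin credentials are sent over, limiting `from_ip` or fronting Jenkins with TLS is worth considering. `jenkins_java_options: "-Djenkins.install.runSetupWizard=true"` looks like it re-enables the setup wizard that the geerlingguy.jenkins role disables by default, which — if I read the role right — conflicts with the role provisioning `jenkins_admin_username`/`jenkins_admin_password` itself; please confirm `true` is intended. A short comment on the two lookups, e.g. `# the admin user name is stored in the password field of the KeePass entry 'jenkins_admin_name'`, would explain why both read the `password` attribute. `jenkins_package_state: latest` together with `jenkins_plugins_state: latest` makes every run pull whatever is newest, so staging and production can diverge between runs; pinning at least the package version keeps the hosts reproducible.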
23
inventory
23
inventory
|
@ -15,6 +15,11 @@ all:
|
|||
fileserver2.grote.lan:
|
||||
fileserver-staging.grote.lan:
|
||||
fileserver-test.grote.lan:
|
||||
jenkins:
|
||||
hosts:
|
||||
jenkins.grote.lan:
|
||||
jenkins-staging.grote.lan:
|
||||
jenkins-test.grote.lan:
|
||||
dns:
|
||||
hosts:
|
||||
pi.hole:
|
||||
|
@ -53,20 +58,7 @@ all:
|
|||
# qmk:
|
||||
# hosts:
|
||||
# qmk.grote.lan:
|
||||
# ceph:
|
||||
# hosts:
|
||||
# ceph-1.grote.lan:
|
||||
# ceph-2.grote.lan:
|
||||
# ceph-3.grote.lan:
|
||||
# ceph-4.grote.lan:
|
||||
# ceph-5.grote.lan:
|
||||
# ceph-6.grote.lan:
|
||||
# ceph-7.grote.lan:
|
||||
# k8s:
|
||||
# hosts:
|
||||
# k8s-1.grote.lan:
|
||||
# k8s-2.grote.lan:
|
||||
# k8s-3.grote.lan:
|
||||
|
||||
|
||||
|
||||
production:
|
||||
|
@ -79,6 +71,7 @@ all:
|
|||
ansible.grote.lan:
|
||||
docker.grote.lan:
|
||||
pve2.grote.lan:
|
||||
jenkins.grote.lan:
|
||||
staging:
|
||||
hosts:
|
||||
wireguard-staging.grote.lan:
|
||||
|
@ -89,6 +82,7 @@ all:
|
|||
ansible-staging.grote.lan:
|
||||
docker-staging.grote.lan:
|
||||
pve-staging.grote.lan:
|
||||
jenkins-staging.grote.lan:
|
||||
test:
|
||||
hosts:
|
||||
wireguard-test.grote.lan:
|
||||
|
@ -101,3 +95,4 @@ all:
|
|||
vm-test.grote.lan:
|
||||
lxc-test.grote.lan:
|
||||
pve-test.grote.lan:
|
||||
jenkins-test.grote.lan:
|
||||
|
|
BIN
keepass_db.kdbx
BIN
keepass_db.kdbx
Binary file not shown.
|
@ -2,7 +2,3 @@
|
|||
- hosts: acng
|
||||
roles:
|
||||
- { role: mgrote.acng, tags: "acng" }
|
||||
vars:
|
||||
### mgrote.acng
|
||||
acng_server_port: 9999
|
||||
apt_cacher_ng_exthreshold: "60" #hebt Pakete 60 Tage auf
|
||||
|
|
|
@ -3,4 +3,3 @@
|
|||
roles:
|
||||
- { role: geerlingguy.pip, tags: "pip", become: true }
|
||||
- { role: geerlingguy.ansible, tags: "ansible", become: true }
|
||||
- { role: mgrote.ansible, tags: "ansible-mg" }
|
||||
|
|
7
playbooks/service/jenkins.yml
Normal file
7
playbooks/service/jenkins.yml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
- hosts: jenkins
|
||||
roles:
|
||||
- { role: geerlingguy.pip, tags: "pip", become: true }
|
||||
- { role: geerlingguy.ansible, tags: "ansible", become: true }
|
||||
- { role: geerlingguy.java, tags: "java", become: true }
|
||||
- { role: geerlingguy.jenkins, tags: "jenkins", become: true }
|
119
plugins/lookup/keepass.py
Normal file
119
plugins/lookup/keepass.py
Normal file
|
@ -0,0 +1,119 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
__metaclass__ = type
|
||||
|
||||
try:
|
||||
from __main__ import display
|
||||
except ImportError:
|
||||
from ansible.utils.display import Display
|
||||
display = Display()
|
||||
|
||||
import os
|
||||
import json
|
||||
import socket
|
||||
import tempfile
|
||||
from pykeepass import PyKeePass
|
||||
from construct.core import ChecksumError
|
||||
from ansible.errors import AnsibleError
|
||||
from ansible.plugins.lookup import LookupBase
|
||||
|
||||
|
||||
DOCUMENTATION = """
|
||||
lookup: keepass
|
||||
author: Victor Zemtsov <victor.zemtsov@gmail.com>
|
||||
version_added: '0.2'
|
||||
short_description: fetch data from KeePass file
|
||||
description:
|
||||
- This lookup returns a value of a property of a KeePass entry
|
||||
- which fetched by given path
|
||||
options:
|
||||
_terms:
|
||||
description:
|
||||
- first is a path to KeePass entry
|
||||
- second is a property name of the entry, e.g. username or password
|
||||
required: True
|
||||
notes:
|
||||
- https://github.com/viczem/ansible-keepass
|
||||
|
||||
example:
|
||||
- "{{ lookup('keepass', 'path/to/entry', 'password') }}"
|
||||
"""
|
||||
|
||||
|
||||
class LookupModule(LookupBase):
|
||||
keepass = None
|
||||
|
||||
def run(self, terms, variables=None, **kwargs):
|
||||
if not terms or len(terms) < 2 or len(terms) > 3:
|
||||
raise AnsibleError('Wrong request format')
|
||||
entry_path = terms[0].strip('/')
|
||||
entry_attr = terms[1]
|
||||
enable_custom_attr = False
|
||||
|
||||
if len(terms) == 3:
|
||||
enable_custom_attr = terms[2]
|
||||
|
||||
kp_dbx = variables.get('keepass_dbx', '')
|
||||
kp_dbx = os.path.realpath(os.path.expanduser(kp_dbx))
|
||||
if os.path.isfile(kp_dbx):
|
||||
display.v(u"Keepass: database file %s" % kp_dbx)
|
||||
|
||||
kp_soc = "%s/ansible-keepass.sock" % tempfile.gettempdir()
|
||||
if os.path.exists(kp_soc):
|
||||
display.v(u"Keepass: fetch from socket")
|
||||
return self._fetch_socket(kp_soc, entry_path, entry_attr)
|
||||
|
||||
kp_psw = variables.get('keepass_psw', '')
|
||||
kp_key = variables.get('keepass_key')
|
||||
display.v(u"Keepass: fetch from kdbx file")
|
||||
return self._fetch_file(
|
||||
kp_dbx, str(kp_psw), kp_key, entry_path, entry_attr, enable_custom_attr)
|
||||
|
||||
def _fetch_file(self, kp_dbx, kp_psw, kp_key, entry_path, entry_attr, enable_custom_attr):
|
||||
if kp_key:
|
||||
kp_key = os.path.realpath(os.path.expanduser(kp_key))
|
||||
if os.path.isfile(kp_key):
|
||||
display.vvv(u"Keepass: database keyfile: %s" % kp_key)
|
||||
|
||||
try:
|
||||
if not LookupModule.keepass:
|
||||
LookupModule.keepass = PyKeePass(kp_dbx, kp_psw, kp_key)
|
||||
entry = LookupModule.keepass.\
|
||||
find_entries_by_path(entry_path, first=True)
|
||||
if entry is None:
|
||||
raise AnsibleError(u"Entry '%s' is not found" % entry_path)
|
||||
display.vv(
|
||||
u"KeePass: attr: %s in path: %s" % (entry_attr, entry_path))
|
||||
entry_val = None
|
||||
if enable_custom_attr:
|
||||
entry_val = entry.get_custom_property(entry_attr)
|
||||
if entry_val is not None:
|
||||
return [entry_val]
|
||||
else:
|
||||
raise AnsibleError(AttributeError(u"'No custom field property '%s'" % (entry_attr)))
|
||||
else:
|
||||
return [getattr(entry, entry_attr)]
|
||||
except ChecksumError:
|
||||
raise AnsibleError("Wrong password/keyfile {}".format(kp_dbx))
|
||||
except (AttributeError, FileNotFoundError) as e:
|
||||
raise AnsibleError(e)
|
||||
|
||||
def _fetch_socket(self, kp_soc, entry_path, entry_attr):
|
||||
display.vvvv(u"KeePass: try to socket connect")
|
||||
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
|
||||
sock.connect(kp_soc)
|
||||
display.vvvv(u"KeePass: connected")
|
||||
sock.send(json.dumps({'attr': entry_attr, 'path': entry_path}).encode())
|
||||
display.vv(u"KeePass: attr: %s in path: %s" % (entry_attr, entry_path))
|
||||
try:
|
||||
msg = json.loads(sock.recv(1024).decode())
|
||||
except json.JSONDecodeError as e:
|
||||
raise AnsibleError(str(e))
|
||||
finally:
|
||||
sock.close()
|
||||
display.vvvv(u"KeePass: disconnected")
|
||||
|
||||
if msg['status'] == 'error':
|
||||
raise AnsibleError(msg['text'])
|
||||
return [msg['text']]
|
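Review bot: `_fetch_socket` connects to `%s/ansible-keepass.sock` in the shared temp directory without checking who owns it, so any local user able to create files there can plant a listener and the lookup will both send it the requested entry paths and accept whatever `text` it returns as the secret; the path should be verified to be a socket owned by the current user before connecting (this needs `import stat`), and the socket given a timeout so a stuck listener cannot hang the play. `sock.recv(1024)` reads once, so a reply longer than 1 KiB is truncated and fails in `json.loads`; read until EOF if the daemon closes after replying, or frame the message. `msg['status']` and `msg['text']` are indexed unguarded, so a malformed reply surfaces as a `KeyError` instead of an `AnsibleError`. In `run`, `variables` defaults to `None` but `variables.get(...)` is called unconditionally; `variables = variables or {}` at the top would turn that into the plugin's own error path rather than an `AttributeError`.
```python
    def _fetch_socket(self, kp_soc, entry_path, entry_attr):
        # The socket path is predictable and lives in a shared tmpdir: refuse
        # anything that is not a socket owned by the current user.
        st = os.lstat(kp_soc)
        if not stat.S_ISSOCK(st.st_mode) or st.st_uid != os.getuid():
            raise AnsibleError(u"KeePass: refusing socket %s (not a socket owned by this user)" % kp_soc)
        display.vvvv(u"KeePass: try to socket connect")
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.settimeout(5.0)
        # … unchanged: connect, send request, recv/json handling, status check …
```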
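--- /dev/null
+++ b/roles/geerlingguy.java
@@ -0,0 +1 @@
+Subproject commit 2091e47c2512415e9ccc84ba269a936e23cc9fc1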
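--- /dev/null
+++ b/roles/geerlingguy.jenkins
@@ -0,0 +1 @@
+Subproject commit 43ce4e4608030dd35fbeda0865d779a43e6d9cdb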
|
@ -1,8 +0,0 @@
|
|||
## mgrote.ansible
|
||||
|
||||
### Beschreibung
|
||||
Installiert ansible und konfiguriert es damit "cowsay" nicht benutzt wird.
|
||||
|
||||
### Funktioniert auf
|
||||
- [x] Ubuntu (>=18.04)
|
||||
- [ ] Debian
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: geerlingguy.pip
|
||||
galaxy_info:
|
||||
author: mgrote
|
||||
description: configures an ansible-host
|
||||
min_ansible_version: 2.0
|
||||
license: GPLv3
|
||||
platforms:
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- all
|
||||
galaxy_tags:
|
||||
- system
|
|
@ -1,14 +0,0 @@
|
|||
# pykeepass wird durch geerlingguy.pip mit installiert
|
||||
# https://github.com/viczem/ansible-keepass#readme
|
||||
- name: create ~/.ansible/plugins/lookup
|
||||
become: yes
|
||||
ansible.builtin.file:
|
||||
path: /home/mg/.ansible/plugins/lookup
|
||||
state: directory
|
||||
|
||||
- name: Download keepass.py
|
||||
become: yes
|
||||
ansible.builtin.get_url:
|
||||
url: https://raw.githubusercontent.com/viczem/ansible-keepass/master/keepass.py
|
||||
dest: /home/mg/.ansible/plugins/lookup/keepass.py
|
||||
backup: yes
|