mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

Rolle entfernt: Jenkins (#469)

Browse source 
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: #469
This commit is contained in:
Michael Grote 2023-02-17 11:47:18 +01:00
parent c8f6842b2a
commit d8b81f90cf
31 changed files with 0 additions and 1016 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/geerlingguy.jenkins/.ansible-lint
View file

@ -1,2 +0,0 @@
skip_list:
- '106'

4
roles/geerlingguy.jenkins/.github/FUNDING.yml vendored
View file

@ -1,4 +0,0 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

56
roles/geerlingguy.jenkins/.github/stale.yml vendored
View file

@ -1,56 +0,0 @@
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- pinned
- security
- planned
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
unmarkComment: >-
This pull request is no longer marked for closure.
closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
issues:
markComment: |-
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
unmarkComment: >-
This issue is no longer marked for closure.
closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

82
roles/geerlingguy.jenkins/.github/workflows/ci.yml vendored
View file

@ -1,82 +0,0 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "30 7 * * 2"
defaults:
run:
working-directory: 'geerlingguy.jenkins'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.jenkins'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint ansible-lint
- name: Lint code.
run: |
yamllint .
ansible-lint
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
include:
- distro: centos8
playbook: converge.yml
- distro: ubuntu1804
playbook: converge.yml
- distro: debian10
playbook: converge.yml
# Test other role features.
- distro: ubuntu1804
playbook: http-port.yml
- distro: ubuntu1804
playbook: prefix.yml
- distro: ubuntu1804
playbook: plugins-with-home.yml
- distro: centos7
playbook: jenkins-version.yml
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.jenkins'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}
MOLECULE_PLAYBOOK: ${{ matrix.playbook }}

38
roles/geerlingguy.jenkins/.github/workflows/release.yml vendored
View file

@ -1,38 +0,0 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.jenkins'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.jenkins'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-base
- name: Trigger a new import on Galaxy.
run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

3
roles/geerlingguy.jenkins/.gitignore vendored
View file

@ -1,3 +0,0 @@
*.retry
*/__pycache__
*.pyc

11
roles/geerlingguy.jenkins/.yamllint
View file

@ -1,11 +0,0 @@
---
extends: default
rules:
line-length:
max: 150
level: warning
ignore: |
.github/stale.yml
.travis.yml

20
roles/geerlingguy.jenkins/LICENSE
View file

@ -1,20 +0,0 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

149
roles/geerlingguy.jenkins/README.md
View file

@ -1,149 +0,0 @@
# Ansible Role: Jenkins CI
[![CI](https://github.com/geerlingguy/ansible-role-jenkins/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-jenkins/actions?query=workflow%3ACI)
Installs Jenkins CI on RHEL/CentOS and Debian/Ubuntu servers.
## Requirements
Requires `curl` to be installed on the server. Also, newer versions of Jenkins require Java 8+ (see the test playbooks inside the `molecule/default` directory for an example of how to use newer versions of Java for your OS).
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
jenkins_package_state: present
The state of the `jenkins` package install. By default this role installs Jenkins but will not upgrade Jenkins (when using package-based installs). If you want to always update to the latest version, change this to `latest`.
jenkins_hostname: localhost
The system hostname; usually `localhost` works fine. This will be used during setup to communicate with the running Jenkins instance via HTTP requests.
jenkins_home: /var/lib/jenkins
The Jenkins home directory which, amongst others, is being used for storing artifacts, workspaces and plugins. This variable allows you to override the default `/var/lib/jenkins` location.
jenkins_http_port: 8080
The HTTP port for Jenkins' web interface.
jenkins_admin_username: admin
jenkins_admin_password: admin
Default admin account credentials which will be created the first time Jenkins is installed.
jenkins_admin_password_file: ""
Default admin password file which will be created the first time Jenkins is installed as /var/lib/jenkins/secrets/initialAdminPassword
jenkins_jar_location: /opt/jenkins-cli.jar
The location at which the `jenkins-cli.jar` jarfile will be kept. This is used for communicating with Jenkins via the CLI.
jenkins_plugins:
- blueocean
- name: influxdb
version: "1.12.1"
Jenkins plugins to be installed automatically during provisioning. Defaults to empty list (`[]`). Items can use name or dictionary with `name` and `version` keys to pin specific version of a plugin.
jenkins_plugins_install_dependencies: true
Whether Jenkins plugins to be installed should also install any plugin dependencies.
jenkins_plugins_state: present
Use `latest` to ensure all plugins are running the most up-to-date version. For any plugin that has a specific version set in `jenkins_plugins` list, state `present` will be used instead of `jenkins_plugins_state` value.
jenkins_plugin_updates_expiration: 86400
Number of seconds after which a new copy of the update-center.json file is downloaded. Set it to 0 if no cache file should be used.
jenkins_updates_url: "https://updates.jenkins.io"
The URL to use for Jenkins plugin updates and update-center information.
jenkins_plugin_timeout: 30
The server connection timeout, in seconds, when installing Jenkins plugins.
jenkins_version: "2.220"
jenkins_pkg_url: "http://www.example.com"
(Optional) Then Jenkins version can be pinned to any version available on `http://pkg.jenkins-ci.org/debian/` (Debian/Ubuntu) or `http://pkg.jenkins-ci.org/redhat/` (RHEL/CentOS). If the Jenkins version you need is not available in the default package URLs, you can override the URL with your own; set `jenkins_pkg_url` (_Note_: the role depends on the same naming convention that `http://pkg.jenkins-ci.org/` uses).
jenkins_url_prefix: ""
Used for setting a URL prefix for your Jenkins installation. The option is added as `--prefix={{ jenkins_url_prefix }}` to the Jenkins initialization `java` invocation, so you can access the installation at a path like `http://www.example.com{{ jenkins_url_prefix }}`. Make sure you start the prefix with a `/` (e.g. `/jenkins`).
jenkins_connection_delay: 5
jenkins_connection_retries: 60
Amount of time and number of times to wait when connecting to Jenkins after initial startup, to verify that Jenkins is running. Total time to wait = `delay` * `retries`, so by default this role will wait up to 300 seconds before timing out.
jenkins_prefer_lts: false
By default, this role will install the latest version of Jenkins using the official repositories according to the platform. You can install the current LTS version instead by setting this to `false`.
The default repositories (listed below) can be overridden as well.
# For RedHat/CentOS:
jenkins_repo_url: https://pkg.jenkins.io/redhat{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.repo
jenkins_repo_key_url: https://pkg.jenkins.io/redhat{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.io.key
# For Debian/Ubuntu:
jenkins_repo_url: deb https://pkg.jenkins.io/debian{{ '-stable' if (jenkins_prefer_lts | bool) else '' }} binary/
jenkins_repo_key_url: https://pkg.jenkins.io/debian{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.io.key
It is also possible to prevent the repo file from being added by setting `jenkins_repo_url: ''`. This is useful if, for example, you sign your own packages or run internal package management (e.g. Spacewalk).
jenkins_java_options: "-Djenkins.install.runSetupWizard=false"
Extra Java options for the Jenkins launch command configured in the init file can be set with the var `jenkins_java_options`. For example, if you want to configure the timezone Jenkins uses, add `-Dorg.apache.commons.jelly.tags.fmt.timeZone=America/New_York`. By default, the option to disable the Jenkins 2.0 setup wizard is added.
jenkins_init_changes:
- option: "JENKINS_ARGS"
value: "--prefix={{ jenkins_url_prefix }}"
- option: "JENKINS_JAVA_OPTIONS"
value: "{{ jenkins_java_options }}"
Changes made to the Jenkins init script; the default set of changes set the configured URL prefix and add in configured Java options for Jenkins' startup. You can add other option/value pairs if you need to set other options for the Jenkins init file.
jenkins_proxy_host: ""
jenkins_proxy_port: ""
jenkins_proxy_noproxy:
- "127.0.0.1"
- "localhost"
If you are running Jenkins behind a proxy server, configure these options appropriately. Otherwise Jenkins will be configured with a direct Internet connection.
## Dependencies
None.
## Example Playbook
```yaml
- hosts: jenkins
become: true
vars:
jenkins_hostname: jenkins.example.com
java_packages:
- openjdk-8-jdk
roles:
- role: geerlingguy.java
- role: geerlingguy.jenkins
```
Note that `java_packages` may need different versions depending on your distro (e.g. `openjdk-11-jdk` for Debian 10, or `java-1.8.0-openjdk` for RHEL 7 or 8).
## License
MIT (Expat) / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

51
roles/geerlingguy.jenkins/defaults/main.yml
View file

@ -1,51 +0,0 @@
---
# Optional method of pinning a specific version of Jenkins and/or overriding the
# default Jenkins packaging URL.
# jenkins_version: "1.644"
# jenkins_pkg_url: "https://www.example.com"
# Change this to `latest` to update Jenkins if a newer version is available.
jenkins_package_state: present
jenkins_prefer_lts: false
jenkins_connection_delay: 5
jenkins_connection_retries: 60
jenkins_home: /var/lib/jenkins
jenkins_hostname: localhost
jenkins_http_port: 8080
jenkins_jar_location: /opt/jenkins-cli.jar
jenkins_url_prefix: ""
jenkins_java_options: "-Djenkins.install.runSetupWizard=false"
# Plugin list can use the plugin name, or a name/version dict.
jenkins_plugins: []
# - blueocean
# - name: influxdb
# version: "1.12.1"
jenkins_plugins_state: present
jenkins_plugin_updates_expiration: 86400
jenkins_plugin_timeout: 30
jenkins_plugins_install_dependencies: true
jenkins_updates_url: "https://updates.jenkins.io"
jenkins_admin_username: admin
jenkins_admin_password: admin
jenkins_admin_password_file: ""
jenkins_process_user: jenkins
jenkins_process_group: "{{ jenkins_process_user }}"
jenkins_init_changes:
- option: "JENKINS_ARGS"
value: "--prefix={{ jenkins_url_prefix }}"
- option: "{{ jenkins_java_options_env_var }}"
value: "{{ jenkins_java_options }}"
# If Jenkins is behind a proxy, configure this.
jenkins_proxy_host: ""
jenkins_proxy_port: ""
jenkins_proxy_noproxy:
- "127.0.0.1"
- "localhost"

12
roles/geerlingguy.jenkins/handlers/main.yml
View file

@ -1,12 +0,0 @@
---
- name: restart jenkins
service: name=jenkins state=restarted
- name: configure default users
template:
src: basic-security.groovy.j2
dest: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy"
owner: "{{ jenkins_process_user }}"
group: "{{ jenkins_process_group }}"
mode: 0775
register: jenkins_users_config

30
roles/geerlingguy.jenkins/meta/main.yml
View file

@ -1,30 +0,0 @@
---
dependencies: []
galaxy_info:
role_name: jenkins
author: geerlingguy
description: Jenkins CI
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- 6
- 7
- 8
- name: Fedora
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- all
galaxy_tags:
- development
- packaging
- jenkins
- ci

21
roles/geerlingguy.jenkins/molecule/default/converge.yml
View file

@ -1,21 +0,0 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- include_tasks: java-8.yml
- include_tasks: java-11.yml
when:
- ansible_distribution == 'Debian'
- ansible_distribution_major_version == '10'
roles:
- role: geerlingguy.java
- role: geerlingguy.jenkins
post_tasks:
- name: Check if Jenkins is running.
uri:
url: "http://127.0.0.1:8080/"

24
roles/geerlingguy.jenkins/molecule/default/http-port.yml
View file

@ -1,24 +0,0 @@
---
- name: Converge
hosts: all
become: true
vars:
jenkins_http_port: 8081
pre_tasks:
- include_tasks: java-8.yml
roles:
- geerlingguy.java
- geerlingguy.jenkins
post_tasks:
- name: Ensure Jenkins is running on the specified port.
uri:
url: "http://127.0.0.1:{{ jenkins_http_port }}"
status_code: 200
register: result
until: result.status == 200
retries: 60
delay: 1

6
roles/geerlingguy.jenkins/molecule/default/java-11.yml
View file

@ -1,6 +0,0 @@
---
- name: Set the java_packages variable (Debian).
set_fact:
java_packages:
- openjdk-11-jdk
when: ansible_os_family == 'Debian'

19
roles/geerlingguy.jenkins/molecule/default/java-8.yml
View file

@ -1,19 +0,0 @@
---
# Debian.
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
- name: Set the java_packages variable (Debian).
set_fact:
java_packages:
- openjdk-8-jdk
when: ansible_os_family == 'Debian'
# Red Hat.
- name: Set the java_packages variable (RedHat).
set_fact:
java_packages:
- java-1.8.0-openjdk
when: ansible_os_family == 'RedHat'

27
roles/geerlingguy.jenkins/molecule/default/jenkins-version.yml
View file

@ -1,27 +0,0 @@
---
- name: Converge
hosts: all
become: true
vars:
jenkins_version: "2.220"
roles:
- geerlingguy.java
- geerlingguy.jenkins
post_tasks:
- name: Check installed version of Jenkins.
command: rpm -q jenkins
args:
warn: false
changed_when: false
register: jenkins_rpm_version
tags: ['skip_ansible_lint']
- name: Print installed Jenkins package information.
debug: var=jenkins_rpm_version
- name: Fail if version doesn't match what we wanted.
fail:
when: "jenkins_version not in jenkins_rpm_version.stdout"

17
roles/geerlingguy.jenkins/molecule/default/molecule.yml
View file

@ -1,17 +0,0 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}

62
roles/geerlingguy.jenkins/molecule/default/plugins-with-home.yml
View file

@ -1,62 +0,0 @@
---
- name: Converge
hosts: all
become: true
vars:
jenkins_plugins:
- ghprb
- greenballs
- {name: cloudbees-folder, version: 6.11}
jenkins_home: /tmp/jenkins
jenkins_plugin_timeout: 120
pre_tasks:
- include_tasks: java-8.yml
roles:
- geerlingguy.java
- geerlingguy.jenkins
post_tasks:
- name: Verify JENKINS_HOME is correct.
stat:
path: "{{ jenkins_home }}/config.xml"
register: jenkins_home_config
- name: Fail if Jenkins config file doesn't exist.
fail:
when: not jenkins_home_config.stat.exists
- name: List plugins directory contents.
command: "ls {{ jenkins_home }}/plugins"
register: plugins_contents
changed_when: false
tags: ['skip_ansible_lint']
- name: Verify greenballs plugin exists.
stat:
path: "{{ jenkins_home }}/plugins/greenballs.jpi"
register: greenballs_plugin
- name: Fail if greenballs plugin file doesn't exist.
fail:
when: not greenballs_plugin.stat.exists
- name: Verify cloudbees-folder plugin exists.
stat:
path: "{{ jenkins_home }}/plugins/cloudbees-folder.jpi"
register: folder_plugin
- name: Fail if cloudbees-folder plugin file doesn't exist.
fail:
when: not folder_plugin.stat.exists
- name: Ensure Jenkins is running.
uri:
url: "http://127.0.0.1:8080/"
status_code: 200
register: result
until: result.status == 200
retries: 60
delay: 1

24
roles/geerlingguy.jenkins/molecule/default/prefix.yml
View file

@ -1,24 +0,0 @@
---
- name: Converge
hosts: all
become: true
vars:
jenkins_url_prefix: /jenkins
pre_tasks:
- include_tasks: java-8.yml
roles:
- geerlingguy.java
- geerlingguy.jenkins
post_tasks:
- name: Ensure Jenkins is running with the specified prefix.
uri:
url: "http://127.0.0.1:8080{{ jenkins_url_prefix }}"
status_code: 200
register: result
until: result.status == 200
retries: 60
delay: 1

2
roles/geerlingguy.jenkins/molecule/default/requirements.yml
View file

@ -1,2 +0,0 @@
---
- src: geerlingguy.java

67
roles/geerlingguy.jenkins/tasks/main.yml
View file

@ -1,67 +0,0 @@
---
# Variable setup.
- name: Include OS-Specific variables
include_vars: "{{ ansible_os_family }}.yml"
- name: Define jenkins_repo_url
set_fact:
jenkins_repo_url: "{{ __jenkins_repo_url }}"
when: jenkins_repo_url is not defined
- name: Define jenkins_repo_key_url
set_fact:
jenkins_repo_key_url: "{{ __jenkins_repo_key_url }}"
when: jenkins_repo_key_url is not defined
- name: Define jenkins_pkg_url
set_fact:
jenkins_pkg_url: "{{ __jenkins_pkg_url }}"
when: jenkins_pkg_url is not defined
# Setup/install tasks.
- include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian'
# Configure Jenkins init settings.
- include_tasks: settings.yml
# Make sure Jenkins starts, then configure Jenkins.
- name: Ensure Jenkins is started and runs on startup.
service: name=jenkins state=started enabled=yes
- name: Wait for Jenkins to start up before proceeding.
uri:
url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}/cli/"
method: GET
return_content: "yes"
timeout: 5
body_format: raw
follow_redirects: "no"
status_code: 200,403
register: result
until: (result.status == 403 or result.status == 200) and (result.content.find("Please wait while") == -1)
retries: "{{ jenkins_connection_retries }}"
delay: "{{ jenkins_connection_delay }}"
changed_when: false
check_mode: false
- name: Get the jenkins-cli jarfile from the Jenkins server.
get_url:
url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}/jnlpJars/jenkins-cli.jar"
dest: "{{ jenkins_jar_location }}"
register: jarfile_get
until: "'OK' in jarfile_get.msg or '304' in jarfile_get.msg or 'file already exists' in jarfile_get.msg"
retries: 5
delay: 10
check_mode: false
- name: Remove Jenkins security init scripts after first startup.
file:
path: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy"
state: absent
# Update Jenkins and install configured plugins.
- include_tasks: plugins.yml

63
roles/geerlingguy.jenkins/tasks/plugins.yml
View file

@ -1,63 +0,0 @@
---
# jenkins_plugin module doesn't support password files.
- name: Get Jenkins admin password from file.
slurp:
src: "{{ jenkins_admin_password_file }}"
register: adminpasswordfile
no_log: true
when: jenkins_admin_password_file | default(false)
tags: ['skip_ansible_lint']
- name: Set Jenkins admin password fact.
set_fact:
jenkins_admin_password: "{{ adminpasswordfile['stdout'] | default(jenkins_admin_password) }}"
no_log: true
# Update Jenkins so that plugin updates don't fail.
- name: Create Jenkins updates directory.
file:
path: "{{ jenkins_home }}/updates"
state: directory
owner: jenkins
group: jenkins
mode: 0755
- name: Download current plugin updates from Jenkins update site.
get_url:
url: "{{ jenkins_updates_url }}/update-center.json"
dest: "{{ jenkins_home }}/updates/default.json"
owner: jenkins
group: jenkins
mode: 0440
changed_when: false
register: get_result
until: get_result is success
retries: 3
delay: 2
- name: Remove first and last line from json file.
replace: # noqa 208
path: "{{ jenkins_home }}/updates/default.json"
regexp: "1d;$d"
- name: Install Jenkins plugins using password.
jenkins_plugin:
name: "{{ item.name | default(item) }}"
version: "{{ item.version | default(omit) }}"
jenkins_home: "{{ jenkins_home }}"
url_username: "{{ jenkins_admin_username }}"
url_password: "{{ jenkins_admin_password }}"
state: "{{ 'present' if item.version is defined else jenkins_plugins_state }}"
timeout: "{{ jenkins_plugin_timeout }}"
updates_expiration: "{{ jenkins_plugin_updates_expiration }}"
updates_url: "{{ jenkins_updates_url }}"
url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}"
with_dependencies: "{{ jenkins_plugins_install_dependencies }}"
with_items: "{{ jenkins_plugins }}"
when: jenkins_admin_password | default(false)
notify: restart jenkins
tags: ['skip_ansible_lint']
register: plugin_result
until: plugin_result is success
retries: 3
delay: 2

86
roles/geerlingguy.jenkins/tasks/settings.yml
View file

@ -1,86 +0,0 @@
---
- name: Check if jenkins_init_file exists.
stat:
path: "{{ jenkins_init_file }}"
register: jenkins_init_file_stat
- name: Ensure jenkins_init_file exists.
file:
path: "{{ jenkins_init_file }}"
state: touch
mode: 0644
when: not jenkins_init_file_stat.stat.exists
- name: Modify variables in init file.
lineinfile:
dest: "{{ jenkins_init_file }}"
insertafter: '^{{ item.option }}='
regexp: '^{{ item.option }}=\"\${{ item.option }} '
line: '{{ item.option }}="${{ item.option }} {{ item.value }}"'
state: present
mode: 0644
with_items: "{{ jenkins_init_changes }}"
register: jenkins_init_prefix
- name: Ensure jenkins_home {{ jenkins_home }} exists.
file:
path: "{{ jenkins_home }}"
state: directory
owner: jenkins
group: jenkins
mode: u+rwx
follow: true
- name: Set the Jenkins home directory.
lineinfile:
dest: "{{ jenkins_init_file }}"
regexp: '^JENKINS_HOME=.*'
line: 'JENKINS_HOME={{ jenkins_home }}'
mode: 0644
register: jenkins_home_config
- name: Immediately restart Jenkins on init config changes.
service: name=jenkins state=restarted
when: jenkins_init_prefix.changed
tags: ['skip_ansible_lint']
- name: Set HTTP port in Jenkins config.
lineinfile:
backrefs: true
dest: "{{ jenkins_init_file }}"
regexp: '^{{ jenkins_http_port_param }}='
line: '{{ jenkins_http_port_param }}={{ jenkins_http_port }}'
mode: 0644
register: jenkins_http_config
- name: Create custom init scripts directory.
file:
path: "{{ jenkins_home }}/init.groovy.d"
state: directory
owner: "{{ jenkins_process_user }}"
group: "{{ jenkins_process_group }}"
mode: 0775
- name: Configure proxy config for Jenkins
template:
src: proxy.xml
dest: "{{ jenkins_home }}/proxy.xml"
owner: "{{ jenkins_process_user }}"
group: "{{ jenkins_process_group }}"
mode: 0664
register: jenkins_proxy_config
when:
- jenkins_proxy_host | length > 0
- jenkins_proxy_port | length > 0
- name: Trigger handlers immediately in case Jenkins was installed
meta: flush_handlers
- name: Immediately restart Jenkins on http or user changes.
service: name=jenkins state=restarted
when: >
(jenkins_users_config is defined and jenkins_users_config.changed)
or (jenkins_http_config is defined and jenkins_http_config.changed)
or (jenkins_home_config is defined and jenkins_home_config.changed)
or (jenkins_proxy_config is defined and jenkins_proxy_config.changed)
tags: ['skip_ansible_lint']

46
roles/geerlingguy.jenkins/tasks/setup-Debian.yml
View file

@ -1,46 +0,0 @@
---
- name: Ensure dependencies are installed.
apt:
name:
- curl
- apt-transport-https
- gnupg
state: present
- name: Add Jenkins apt repository key.
apt_key:
url: "{{ jenkins_repo_key_url }}"
state: present
- name: Add Jenkins apt repository.
apt_repository:
repo: "{{ jenkins_repo_url }}"
state: present
update_cache: true
when: jenkins_repo_url | default(false)
tags: ['skip_ansible_lint']
- name: Download specific Jenkins version.
get_url:
url: "{{ jenkins_pkg_url }}/jenkins_{{ jenkins_version }}_all.deb"
dest: "/tmp/jenkins_{{ jenkins_version }}_all.deb"
when: jenkins_version is defined
- name: Check if we downloaded a specific version of Jenkins.
stat:
path: "/tmp/jenkins_{{ jenkins_version }}_all.deb"
register: specific_version
when: jenkins_version is defined
- name: Install our specific version of Jenkins.
apt:
deb: "/tmp/jenkins_{{ jenkins_version }}_all.deb"
state: present
when: jenkins_version is defined and specific_version.stat.exists
notify: configure default users
- name: Ensure Jenkins is installed.
apt:
name: jenkins
state: "{{ jenkins_package_state }}"
notify: configure default users

45
roles/geerlingguy.jenkins/tasks/setup-RedHat.yml
View file

@ -1,45 +0,0 @@
---
- name: Ensure dependencies are installed.
package:
name:
- curl
- initscripts
- "{{ 'libselinux-python' if ansible_python['version']['major'] < 3 else 'python3-libselinux' }}"
state: present
- name: Ensure Jenkins repo is installed.
get_url:
url: "{{ jenkins_repo_url }}"
dest: /etc/yum.repos.d/jenkins.repo
when: jenkins_repo_url | default(false)
- name: Add Jenkins repo GPG key.
rpm_key:
state: present
key: "{{ jenkins_repo_key_url }}"
when: jenkins_repo_url | default(false)
- name: Download specific Jenkins version.
get_url:
url: "{{ jenkins_pkg_url }}/jenkins-{{ jenkins_version }}-1.1.noarch.rpm"
dest: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm"
when: jenkins_version is defined
- name: Check if we downloaded a specific version of Jenkins.
stat:
path: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm"
register: specific_version
when: jenkins_version is defined
- name: Install our specific version of Jenkins.
package:
name: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm"
state: present
when: jenkins_version is defined and specific_version.stat.exists
notify: configure default users
- name: Ensure Jenkins is installed.
package:
name: jenkins
state: "{{ jenkins_package_state }}"
notify: configure default users

28
roles/geerlingguy.jenkins/templates/basic-security.groovy.j2
View file

@ -1,28 +0,0 @@
#!groovy
import hudson.security.*
import jenkins.model.*
def instance = Jenkins.getInstance()
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
def users = hudsonRealm.getAllUsers()
users_s = users.collect { it.toString() }
// Create the admin user account if it doesn't already exist.
if ("{{ jenkins_admin_username }}" in users_s) {
println "Admin user already exists - updating password"
def user = hudson.model.User.get('{{ jenkins_admin_username }}');
def password = hudson.security.HudsonPrivateSecurityRealm.Details.fromPlainPassword('{{ jenkins_admin_password }}')
user.addProperty(password)
user.save()
}
else {
println "--> creating local admin user"
hudsonRealm.createAccount('{{ jenkins_admin_username }}', '{{ jenkins_admin_password }}')
instance.setSecurityRealm(hudsonRealm)
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
instance.setAuthorizationStrategy(strategy)
instance.save()
}

7
roles/geerlingguy.jenkins/templates/proxy.xml
View file

@ -1,7 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<proxy>
<name>{{ jenkins_proxy_host }}</name>
<port>{{ jenkins_proxy_port}}</port>
<noProxyHost>{{ jenkins_proxy_noproxy | join(',') }}</noProxyHost>
<secretPassword></secretPassword>
</proxy>

0
roles/geerlingguy.jenkins/tests/test-plugins.yml
View file

7
roles/geerlingguy.jenkins/vars/Debian.yml
View file

@ -1,7 +0,0 @@
---
__jenkins_repo_url: deb https://pkg.jenkins.io/debian{{ '-stable' if (jenkins_prefer_lts | bool) else '' }} binary/
__jenkins_repo_key_url: https://pkg.jenkins.io/debian{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.io.key
__jenkins_pkg_url: https://pkg.jenkins.io/debian/binary
jenkins_init_file: /etc/default/jenkins
jenkins_http_port_param: HTTP_PORT
jenkins_java_options_env_var: JAVA_ARGS

7
roles/geerlingguy.jenkins/vars/RedHat.yml
View file

@ -1,7 +0,0 @@
---
__jenkins_repo_url: https://pkg.jenkins.io/redhat{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.repo
__jenkins_repo_key_url: https://pkg.jenkins.io/redhat{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.io.key
__jenkins_pkg_url: https://pkg.jenkins.io/redhat
jenkins_init_file: /etc/sysconfig/jenkins
jenkins_http_port_param: JENKINS_PORT
jenkins_java_options_env_var: JENKINS_JAVA_OPTIONS