diff --git a/.vagrant/machines/default/virtualbox/action_set_name b/.vagrant/machines/default/virtualbox/action_set_name new file mode 100644 index 0000000..b0f69f9 --- /dev/null +++ b/.vagrant/machines/default/virtualbox/action_set_name @@ -0,0 +1 @@ +1556550033 \ No newline at end of file diff --git a/.vagrant/machines/default/virtualbox/creator_uid b/.vagrant/machines/default/virtualbox/creator_uid new file mode 100644 index 0000000..7cebf7d --- /dev/null +++ b/.vagrant/machines/default/virtualbox/creator_uid @@ -0,0 +1 @@ +1001 \ No newline at end of file diff --git a/.vagrant/machines/default/virtualbox/id b/.vagrant/machines/default/virtualbox/id new file mode 100644 index 0000000..22b3ed4 --- /dev/null +++ b/.vagrant/machines/default/virtualbox/id @@ -0,0 +1 @@ +96b95408-ffc7-44c3-919f-402645785ccd \ No newline at end of file diff --git a/.vagrant/machines/default/virtualbox/index_uuid b/.vagrant/machines/default/virtualbox/index_uuid new file mode 100644 index 0000000..eab0594 --- /dev/null +++ b/.vagrant/machines/default/virtualbox/index_uuid @@ -0,0 +1 @@ +3d922cc5783b466ab28a7ae61cc46639 \ No newline at end of file diff --git a/.vagrant/machines/default/virtualbox/vagrant_cwd b/.vagrant/machines/default/virtualbox/vagrant_cwd new file mode 100644 index 0000000..cf368e8 --- /dev/null +++ b/.vagrant/machines/default/virtualbox/vagrant_cwd @@ -0,0 +1 @@ +/home/jamestombleson/Documents/github/ansible \ No newline at end of file diff --git a/.vagrant/rgloader/loader.rb b/.vagrant/rgloader/loader.rb new file mode 100644 index 0000000..c3c05b0 --- /dev/null +++ b/.vagrant/rgloader/loader.rb @@ -0,0 +1,9 @@ +# This file loads the proper rgloader/loader.rb file that comes packaged +# with Vagrant so that encoded files can properly run with Vagrant. + +if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"] + require File.expand_path( + "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]) +else + raise "Encoded files can't be read outside of the Vagrant installer." +end 
diff --git a/playbook/linux/elastic/role-test.yml b/playbook/linux/elastic/role-test.yml index 25bcafc..32b0952 100644 --- a/playbook/linux/elastic/role-test.yml +++ b/playbook/linux/elastic/role-test.yml @@ -3,7 +3,13 @@ hosts: elastic tasks: - - name: test role + - name: install/Update Java + become: true + import_role: + name: geerlingguy.java + + - name: install elasticsearch + become: true import_role: name: elasticsearch vars: @@ -12,15 +18,17 @@ ufw_transport_port: true systemd_enabled: true systemd_restart: true + node_name: "{{ ansible_hostname }}" + discovery_seed_hosts: "'127.0.0.1', '172.20.0.142', '192.168.0.173'" + cluster_initial_master_nodes: " '172.20.0.142', '192.168.0.173' " - name: install kibana + become: true import_role: name: kibana vars: server_port: 5601 - server_host: ansible_default_ipv4.address - server_name: ansible_hostname - elasticsearch_hosts: - #- http://192.168.0.173:9200 - - http://192.168.0.60:9200 + server_host: "{{ ansible_default_ipv4.address }}" + server_name: "{{ ansible_hostname }}" + elasticsearch_hosts: " 'http://localhost:9200', 'http://dm-nagios.local:9200', 'http://172.20.0.142:9200' " diff --git a/playbook/linux/install-jenkins.yml b/playbook/linux/install-jenkins.yml new file mode 100644 index 0000000..ca7d174 --- /dev/null +++ b/playbook/linux/install-jenkins.yml @@ -0,0 +1,19 @@ + +--- + +- name: install Jenkins + hosts: jenkins + + tasks: + - name: Install Java + become: true + included_role: + name: geerlingguy.java + vars: + + # https://galaxy.ansible.com/geerlingguy/jenkins + - name: Install Jenkins + become: true + included_role: + name: geerlingguy.jenkins + diff --git a/roles/elasticsearch/defaults/main.yml b/roles/elasticsearch/defaults/main.yml index a2a291c..4b59327 100644 --- a/roles/elasticsearch/defaults/main.yml +++ b/roles/elasticsearch/defaults/main.yml 
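Review bot: The new `discovery_seed_hosts`, `cluster_initial_master_nodes` and `elasticsearch_hosts` values in the second role-test.yml hunk are single strings carrying their own inner quotes, which the templates splice between `[` and `]`. A stray quote or comma produces a malformed or unintended elasticsearch.yml or kibana.yml, and Ansible raises no error. Pass real YAML lists and let the template serialise them, e.g. `discovery.seed_hosts: {{ discovery_seed_hosts | to_json }}`; the same pattern recurs in roles/elasticsearch/defaults/main.yml, roles/elasticsearch/vars/main.yml and the last elasticsearch.j2 hunk. `elasticsearch_hosts` also changes from a list to a string and every endpoint is plain `http://`; the kibana template is not part of this diff, so confirm it renders the new shape and that unencrypted transport to the remote nodes is intended.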
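Review bot: Neither role task in install-jenkins.yml will run as written, because `included_role` is not an Ansible task keyword; use `include_role:` (or `import_role:`, as role-test.yml does). The empty `vars:` key on the Java task should be dropped as well. Once the tasks do run, the play overrides nothing, so the vendored role defaults added in this same commit (`jenkins_admin_username: admin`, `jenkins_admin_password: admin`) become the live admin credentials. Set the password from a vaulted variable, e.g. `jenkins_admin_password: "{{ vault_jenkins_admin_password }}"` (variable name illustrative). The file also begins with an added blank line before `---`.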
@@ -28,6 +28,16 @@ transport_host: 'localhost' # A bind port range. Defaults to 9300-9400. transport_port: 9300 +# +# Discovery +# + +# Format data like so " '172.0.0.1', '192.168.0.0' " +discovery_seed_host: "127.0.0.1" + +#cluster_initial_master_nodes: ["node-1", "node-2"] +cluster_initial_master_nodes: "'node-1', 'node-2'" + # # Firewall configuration # diff --git a/roles/elasticsearch/templates/elasticsearch.j2 b/roles/elasticsearch/templates/elasticsearch.j2 index 5dc9754..83e5523 100755 --- a/roles/elasticsearch/templates/elasticsearch.j2 +++ b/roles/elasticsearch/templates/elasticsearch.j2 @@ -23,8 +23,8 @@ cluster.name: {{ cluster_name }} # #node.name: node-1 node.name: {{ node_name }} -node.master: {{ node_master }} -node.data: {{ node_data }} +#node.master: {{ node_master }} +#node.data: {{ node_data }} # # Add custom attributes to the node: # @@ -61,7 +61,7 @@ network.host: {{ ansible_default_ipv4.address }} # Set a custom port for HTTP: # http.port: {{ http_port }} -transport.host: {{ transport_host }} +#transport.host: {{ transport_host }} transport.tcp.port: {{ transport_port }} # # For more information, consult the network module documentation.# @@ -72,10 +72,12 @@ transport.tcp.port: {{ transport_port }} # The default list of hosts is ["127.0.0.1", "[::1]"] # #discovery.seed_hosts: ["host1", "host2"] +{{ discovery_seed_hosts_def }} # # Bootstrap the cluster using an initial set of master-eligible nodes: # #cluster.initial_master_nodes: ["node-1", "node-2"] +cluster.initial_master_nodes: [ {{ cluster_initial_master_nodes }} ] # # For more information, consult the discovery and cluster formation module documentation. # diff --git a/roles/elasticsearch/vars/main.yml b/roles/elasticsearch/vars/main.yml index 7d1daf9..c0056f6 100644 --- a/roles/elasticsearch/vars/main.yml +++ b/roles/elasticsearch/vars/main.yml 
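Review bot: The default added in roles/elasticsearch/defaults/main.yml is named `discovery_seed_host` (singular), while vars/main.yml, role-test.yml and the template path all read `discovery_seed_hosts`, so this default is never used. Rename it to `discovery_seed_hosts: "'127.0.0.1'"` so that it matches the quoting the template currently expects, and drop the duplicate definition in vars/main.yml. The example address in the comment above it, `'172.0.0.1'`, looks like a typo for `127.0.0.1`. The hunk starts mid-file, so the rest of the defaults is not visible here.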
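Review bot: Commenting out `transport.host` in the second elasticsearch.j2 hunk removes the explicit localhost bind for the transport layer. It will presumably fall back to `network.host`, which the hunk header shows is `{{ ansible_default_ipv4.address }}`, and role-test.yml sets `ufw_transport_port: true`, so port 9300 becomes reachable from the network. Nothing visible in this diff enables transport TLS or authentication, so confirm that `xpack.security.transport.ssl.enabled` and related settings are configured elsewhere in the template, or limit the firewall rule to the seed-host addresses. If the fallback is intended, delete the line and the unused `transport_host` variable instead of leaving it commented out; the same goes for `node.master` and `node.data` in the first hunk.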
@@ -22,3 +22,6 @@ transport_host: localhost transport_tcp_port: 9300 +discovery_seed_hosts: 172.0.0.1 + +discovery_seed_hosts_def: "discovery.seed_hosts: [ {{ discovery_seed_hosts }} ]" diff --git a/roles/geerlingguy.java/.gitignore b/roles/geerlingguy.java/.gitignore new file mode 100644 index 0000000..f56f5b5 --- /dev/null +++ b/roles/geerlingguy.java/.gitignore @@ -0,0 +1,3 @@ +*.retry +*/__pycache__ +*.pyc diff --git a/roles/geerlingguy.java/.travis.yml b/roles/geerlingguy.java/.travis.yml new file mode 100644 index 0000000..4fb19f9 --- /dev/null +++ b/roles/geerlingguy.java/.travis.yml @@ -0,0 +1,32 @@ +--- +language: python +services: docker + +env: + global: + - ROLE_NAME: java + matrix: + - MOLECULE_DISTRO: centos7 + - MOLECULE_DISTRO: centos6 + - MOLECULE_DISTRO: fedora27 + - MOLECULE_DISTRO: ubuntu1804 + - MOLECULE_DISTRO: ubuntu1604 + - MOLECULE_DISTRO: debian9 + - MOLECULE_DISTRO: debian8 + +install: + # Install test dependencies. + - pip install molecule docker + +before_script: + # Use actual Ansible Galaxy role name for the project directory. + - cd ../ + - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME + - cd geerlingguy.$ROLE_NAME + +script: + # Run tests. + - molecule test + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/geerlingguy.java/LICENSE b/roles/geerlingguy.java/LICENSE new file mode 100644 index 0000000..4275cf3 --- /dev/null +++ b/roles/geerlingguy.java/LICENSE 
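Review bot: `discovery_seed_hosts: 172.0.0.1` in roles/elasticsearch/vars/main.yml is very likely a typo for `127.0.0.1`. 172.0.0.1 is neither loopback nor inside the private 172.16.0.0/12 block, so a node that picks up this value would send discovery traffic to a publicly routable address. Role `vars/` also outranks inventory and play-level variables, so a user-tunable value like this belongs in defaults/main.yml, quoted to match the template, as `discovery_seed_hosts: "'127.0.0.1'"`. `discovery_seed_hosts_def` assembles a whole config line inside a variable; writing `discovery.seed_hosts: [ {{ discovery_seed_hosts }} ]` directly in elasticsearch.j2 keeps the key visible in the template and avoids nested templating.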
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Geerling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/roles/geerlingguy.java/README.md b/roles/geerlingguy.java/README.md
new file mode 100644
index 0000000..7bc991f
--- /dev/null
+++ b/roles/geerlingguy.java/README.md
@@ -0,0 +1,67 @@
+# Ansible Role: Java
+
+[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-java.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-java)
+
+Installs Java for RedHat/CentOS and Debian/Ubuntu linux servers.
+
+## Requirements
+
+None.
+
+## Role Variables
+
+Available variables are listed below, along with default values:
+
+ # The defaults provided by this role are specific to each distribution.
+ java_packages:
+ - java-1.7.0-openjdk
+
+Set the version/development kit of Java to install, along with any other necessary Java packages. Some other options include are included in the distribution-specific files in this role's 'defaults' folder.
+
+ java_home: ""
+
+If set, the role will set the global environment variable `JAVA_HOME` to this value.
+
+## Dependencies
+
+None.
+
+## Example Playbook (using default package, usually OpenJDK 7)
+
+ - hosts: servers
+ roles:
+ - role: geerlingguy.java
+ become: yes
+
+## Example Playbook (install OpenJDK 8)
+
+For RHEL / CentOS:
+
+ - hosts: server
+ roles:
+ - role: geerlingguy.java
+ when: "ansible_os_family == 'RedHat'"
+ java_packages:
+ - java-1.8.0-openjdk
+
+For Ubuntu < 16.04:
+
+ - hosts: server
+ tasks:
+ - name: installing repo for Java 8 in Ubuntu
+ apt_repository: repo='ppa:openjdk-r/ppa'
+
+ - hosts: server
+ roles:
+ - role: geerlingguy.java
+ when: "ansible_os_family == 'Debian'"
+ java_packages:
+ - openjdk-8-jdk
+
+## License
+
+MIT / BSD
+
+## Author Information
+
+This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
diff --git a/roles/geerlingguy.java/defaults/main.yml b/roles/geerlingguy.java/defaults/main.yml
new file mode 100644
index 0000000..aaf519d
--- /dev/null
+++ b/roles/geerlingguy.java/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+# Set java_packages if you would like to use a different version than the
+# default (OpenJDK 1.7).
+# java_packages: []
+
+java_home: ""
diff --git a/roles/geerlingguy.java/meta/.galaxy_install_info b/roles/geerlingguy.java/meta/.galaxy_install_info
new file mode 100644
index 0000000..b945bcc
--- /dev/null
+++ b/roles/geerlingguy.java/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
+install_date: Mon Apr 29 14:19:43 2019
+version: 1.9.5
diff --git a/roles/geerlingguy.java/meta/main.yml b/roles/geerlingguy.java/meta/main.yml
new file mode 100644
index 0000000..57fec56
--- /dev/null
+++ b/roles/geerlingguy.java/meta/main.yml
@@ -0,0 +1,39 @@
+---
+dependencies: []
+
+galaxy_info:
+ author: geerlingguy
+ description: Java for Linux
+ company: "Midwestern Mac, LLC"
+ license: "license (BSD, MIT)"
+ min_ansible_version: 2.4
+ platforms:
+ - name: EL
+ versions:
+ - 6
+ - 7
+ - name: Fedora
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - wheezy
+ - jessie
+ - stretch
+ - name: Ubuntu
+ versions:
+ - precise
+ - trusty
+ - xenial
+ - bionic
+ - name: FreeBSD
+ versions:
+ - 10.2
+ galaxy_tags:
+ - development
+ - system
+ - web
+ - java
+ - jdk
+ - openjdk
+ - oracle
diff --git a/roles/geerlingguy.java/molecule/default/molecule.yml b/roles/geerlingguy.java/molecule/default/molecule.yml
new file mode 100644
index 0000000..2ca6fea
--- /dev/null
+++ b/roles/geerlingguy.java/molecule/default/molecule.yml
@@ -0,0 +1,29 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+ options:
+ config-file: molecule/default/yaml-lint.yml
+platforms:
+ - name: instance
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ playbooks:
+ converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
+scenario:
+ name: default
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/roles/geerlingguy.java/molecule/default/playbook.yml b/roles/geerlingguy.java/molecule/default/playbook.yml
new file mode 100644
index 0000000..c99558d
--- /dev/null
+++ b/roles/geerlingguy.java/molecule/default/playbook.yml
@@ -0,0 +1,13 @@
+---
+- name: Converge
+ hosts: all
+ become: true
+
+ pre_tasks:
+ - name: Update apt cache.
+ apt: update_cache=true cache_valid_time=600
+ when: ansible_os_family == 'Debian'
+ changed_when: false
+
+ roles:
+ - role: geerlingguy.java
diff --git a/roles/geerlingguy.java/molecule/default/tests/test_default.py b/roles/geerlingguy.java/molecule/default/tests/test_default.py
new file mode 100644
index 0000000..eedd64a
--- /dev/null
+++ b/roles/geerlingguy.java/molecule/default/tests/test_default.py
@@ -0,0 +1,14 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_hosts_file(host):
+ f = host.file('/etc/hosts')
+
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
diff --git a/roles/geerlingguy.java/molecule/default/yaml-lint.yml b/roles/geerlingguy.java/molecule/default/yaml-lint.yml
new file mode 100644
index 0000000..a3dbc38
--- /dev/null
+++ b/roles/geerlingguy.java/molecule/default/yaml-lint.yml
@@ -0,0 +1,6 @@
+---
+extends: default
+rules:
+ line-length:
+ max: 120
+ level: warning
diff --git a/roles/geerlingguy.java/tasks/main.yml b/roles/geerlingguy.java/tasks/main.yml
new file mode 100644
index 0000000..b2a6ded
--- /dev/null
+++ b/roles/geerlingguy.java/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+- name: Include OS-specific variables for Fedora or FreeBSD.
+ include_vars: "{{ ansible_distribution }}.yml"
+ when: ansible_distribution == 'FreeBSD' or ansible_distribution == 'Fedora'
+
+- name: Include version-specific variables for CentOS/RHEL.
+ include_vars: "RedHat-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when: ansible_distribution == 'CentOS' or
+ ansible_distribution == 'Red Hat Enterprise Linux' or
+ ansible_distribution == 'RedHat'
+
+- name: Include version-specific variables for Ubuntu.
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when: ansible_distribution == 'Ubuntu'
+
+- name: Include version-specific variables for Debian.
+ include_vars: "{{ ansible_distribution|title }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when: ansible_os_family == 'Debian'
+
+- name: Define java_packages.
+ set_fact:
+ java_packages: "{{ __java_packages | list }}"
+ when: java_packages is not defined
+
+# Setup/install tasks.
+- include_tasks: setup-RedHat.yml
+ when: ansible_os_family == 'RedHat'
+
+- include_tasks: setup-Debian.yml
+ when: ansible_os_family == 'Debian'
+
+- include_tasks: setup-FreeBSD.yml
+ when: ansible_os_family == 'FreeBSD'
+
+# Environment setup.
+- name: Set JAVA_HOME if configured.
+ template:
+ src: java_home.sh.j2
+ dest: /etc/profile.d/java_home.sh
+ mode: 0644
+ when: java_home is defined and java_home
diff --git a/roles/geerlingguy.java/tasks/setup-Debian.yml b/roles/geerlingguy.java/tasks/setup-Debian.yml
new file mode 100644
index 0000000..cecbd45
--- /dev/null
+++ b/roles/geerlingguy.java/tasks/setup-Debian.yml
@@ -0,0 +1,16 @@
+---
+# See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863199 and
+# https://github.com/geerlingguy/ansible-role-java/issues/64
+- name: Ensure 'man' directory exists.
+ file:
+ path: /usr/share/man/man1
+ state: directory
+ recurse: true
+ when:
+ - ansible_distribution == 'Ubuntu'
+ - ansible_distribution_version == '18.04'
+
+- name: Ensure Java is installed.
+ apt:
+ name: "{{ java_packages }}"
+ state: present
diff --git a/roles/geerlingguy.java/tasks/setup-FreeBSD.yml b/roles/geerlingguy.java/tasks/setup-FreeBSD.yml
new file mode 100644
index 0000000..ba66872
--- /dev/null
+++ b/roles/geerlingguy.java/tasks/setup-FreeBSD.yml
@@ -0,0 +1,11 @@
+---
+- name: Ensure Java is installed.
+ pkgng:
+ name: "{{ java_packages }}"
+ state: present
+
+- name: ensure proc is mounted
+ mount: name=/proc fstype=procfs src=proc opts=rw state=mounted
+
+- name: ensure fdesc is mounted
+ mount: name=/dev/fd fstype=fdescfs src=fdesc opts=rw state=mounted
diff --git a/roles/geerlingguy.java/tasks/setup-RedHat.yml b/roles/geerlingguy.java/tasks/setup-RedHat.yml
new file mode 100644
index 0000000..1306945
--- /dev/null
+++ b/roles/geerlingguy.java/tasks/setup-RedHat.yml
@@ -0,0 +1,5 @@
+---
+- name: Ensure Java is installed.
+ package:
+ name: "{{ java_packages }}"
+ state: present
diff --git a/roles/geerlingguy.java/templates/java_home.sh.j2 b/roles/geerlingguy.java/templates/java_home.sh.j2
new file mode 100644
index 0000000..4859c4a
--- /dev/null
+++ b/roles/geerlingguy.java/templates/java_home.sh.j2
@@ -0,0 +1 @@
+export JAVA_HOME={{ java_home }}
diff --git a/roles/geerlingguy.java/vars/Debian-8.yml b/roles/geerlingguy.java/vars/Debian-8.yml
new file mode 100644
index 0000000..8d620e4
--- /dev/null
+++ b/roles/geerlingguy.java/vars/Debian-8.yml
@@ -0,0 +1,7 @@
+---
+# JDK version options include:
+# - java
+# - openjdk-6-jdk
+# - openjdk-7-jdk
+__java_packages:
+ - openjdk-7-jdk
diff --git a/roles/geerlingguy.java/vars/Debian-9.yml b/roles/geerlingguy.java/vars/Debian-9.yml
new file mode 100644
index 0000000..17e49bf
--- /dev/null
+++ b/roles/geerlingguy.java/vars/Debian-9.yml
@@ -0,0 +1,6 @@
+---
+# JDK version options include:
+# - java
+# - openjdk-8-jdk
+__java_packages:
+ - openjdk-8-jdk
diff --git a/roles/geerlingguy.java/vars/Fedora.yml b/roles/geerlingguy.java/vars/Fedora.yml
new file mode 100644
index 0000000..47c5a01
--- /dev/null
+++ b/roles/geerlingguy.java/vars/Fedora.yml
@@ -0,0 +1,6 @@
+---
+# JDK version options include:
+# - java
+# - java-1.8.0-openjdk
+__java_packages:
+ - java-1.8.0-openjdk
diff --git a/roles/geerlingguy.java/vars/FreeBSD.yml b/roles/geerlingguy.java/vars/FreeBSD.yml
new file mode 100644
index 0000000..0d712eb
--- /dev/null
+++ b/roles/geerlingguy.java/vars/FreeBSD.yml
@@ -0,0 +1,7 @@
+---
+# JDK version options for FreeBSD include:
+# - openjdk
+# - openjdk6
+# - openjdk8
+__java_packages:
+ - openjdk
diff --git a/roles/geerlingguy.java/vars/RedHat-6.yml b/roles/geerlingguy.java/vars/RedHat-6.yml
new file mode 100644
index 0000000..70694b7
--- /dev/null
+++ b/roles/geerlingguy.java/vars/RedHat-6.yml
@@ -0,0 +1,7 @@
+---
+# JDK version options include:
+# - java
+# - java-1.6.0-openjdk
+# - java-1.7.0-openjdk
+__java_packages:
+ - java-1.7.0-openjdk
diff --git a/roles/geerlingguy.java/vars/RedHat-7.yml b/roles/geerlingguy.java/vars/RedHat-7.yml
new file mode 100644
index 0000000..64db579
--- /dev/null
+++ b/roles/geerlingguy.java/vars/RedHat-7.yml
@@ -0,0 +1,8 @@
+---
+# JDK version options include:
+# - java
+# - java-1.6.0-openjdk
+# - java-1.7.0-openjdk
+# - java-1.8.0-openjdk
+__java_packages:
+ - java-1.8.0-openjdk
diff --git a/roles/geerlingguy.java/vars/Ubuntu-12.yml b/roles/geerlingguy.java/vars/Ubuntu-12.yml
new file mode 100644
index 0000000..8d620e4
--- /dev/null
+++ b/roles/geerlingguy.java/vars/Ubuntu-12.yml
@@ -0,0 +1,7 @@
+---
+# JDK version options include:
+# - java
+# - openjdk-6-jdk
+# - openjdk-7-jdk
+__java_packages:
+ - openjdk-7-jdk
diff --git a/roles/geerlingguy.java/vars/Ubuntu-14.yml b/roles/geerlingguy.java/vars/Ubuntu-14.yml
new file mode 100644
index 0000000..8d620e4
--- /dev/null
+++ b/roles/geerlingguy.java/vars/Ubuntu-14.yml
@@ -0,0 +1,7 @@
+---
+# JDK version options include:
+# - java
+# - openjdk-6-jdk
+# - openjdk-7-jdk
+__java_packages:
+ - openjdk-7-jdk
diff --git a/roles/geerlingguy.java/vars/Ubuntu-16.yml b/roles/geerlingguy.java/vars/Ubuntu-16.yml
new file mode 100644
index 0000000..0a0bd82
--- /dev/null
+++ b/roles/geerlingguy.java/vars/Ubuntu-16.yml
@@ -0,0 +1,7 @@
+---
+# JDK version options include:
+# - java
+# - openjdk-8-jdk
+# - openjdk-9-jdk
+__java_packages:
+ - openjdk-8-jdk
diff --git a/roles/geerlingguy.java/vars/Ubuntu-18.yml b/roles/geerlingguy.java/vars/Ubuntu-18.yml
new file mode 100644
index 0000000..bd058c2
--- /dev/null
+++ b/roles/geerlingguy.java/vars/Ubuntu-18.yml
@@ -0,0 +1,6 @@
+---
+# JDK version options include:
+# - java
+# - openjdk-11-jdk
+__java_packages:
+ - openjdk-11-jdk
diff --git a/roles/geerlingguy.jenkins/.ansible-lint b/roles/geerlingguy.jenkins/.ansible-lint
new file mode 100644
index 0000000..3f7f42d
--- /dev/null
+++ b/roles/geerlingguy.jenkins/.ansible-lint
@@ -0,0 +1,2 @@
+skip_list:
+ - '602'
diff --git a/roles/geerlingguy.jenkins/.gitignore b/roles/geerlingguy.jenkins/.gitignore
new file mode 100644
index 0000000..f56f5b5
--- /dev/null
+++ b/roles/geerlingguy.jenkins/.gitignore
@@ -0,0 +1,3 @@
+*.retry
+*/__pycache__
+*.pyc
diff --git a/roles/geerlingguy.jenkins/.travis.yml b/roles/geerlingguy.jenkins/.travis.yml
new file mode 100644
index 0000000..6bba6d9
--- /dev/null
+++ b/roles/geerlingguy.jenkins/.travis.yml
@@ -0,0 +1,43 @@
+---
+language: python
+services: docker
+
+env:
+ global:
+ - ROLE_NAME: jenkins
+ matrix:
+ # Test defaults.
+ - MOLECULE_DISTRO: centos7
+ - MOLECULE_DISTRO: ubuntu1804
+ - MOLECULE_DISTRO: ubuntu1604
+ - MOLECULE_DISTRO: debian9
+
+ # Test other role features.
+ - MOLECULE_DISTRO: ubuntu1804
+ MOLECULE_PLAYBOOK: playbook-http-port.yml
+
+ - MOLECULE_DISTRO: ubuntu1804
+ MOLECULE_PLAYBOOK: playbook-prefix.yml
+
+ - MOLECULE_DISTRO: centos7
+ MOLECULE_PLAYBOOK: playbook-jenkins-version.yml
+
+ - MOLECULE_DISTRO: ubuntu1804
+ MOLECULE_PLAYBOOK: playbook-plugins-with-home.yml
+
+install:
+ # Install test dependencies.
+ - pip install molecule docker
+
+before_script:
+ # Use actual Ansible Galaxy role name for the project directory.
+ - cd ../
+ - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
+ - cd geerlingguy.$ROLE_NAME
+
+script:
+ # Run tests.
+ - molecule test
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/roles/geerlingguy.jenkins/LICENSE b/roles/geerlingguy.jenkins/LICENSE
new file mode 100644
index 0000000..4275cf3
--- /dev/null
+++ b/roles/geerlingguy.jenkins/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Geerling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/roles/geerlingguy.jenkins/README.md b/roles/geerlingguy.jenkins/README.md
new file mode 100644
index 0000000..320118c
--- /dev/null
+++ b/roles/geerlingguy.jenkins/README.md
@@ -0,0 +1,135 @@
+# Ansible Role: Jenkins CI
+
+[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-jenkins.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-jenkins)
+
+Installs Jenkins CI on RHEL/CentOS and Debian/Ubuntu servers.
+
+## Requirements
+
+Requires `curl` to be installed on the server. Also, newer versions of Jenkins require Java 8+ (see the test playbooks inside the `tests/` directory for an example of how to use newer versions of Java for your OS).
+
+## Role Variables
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+ jenkins_package_state: present
+
+The state of the `jenkins` package install. By default this role installs Jenkins but will not upgrade Jenkins (when using package-based installs). If you want to always update to the latest version, change this to `latest`.
+
+ jenkins_hostname: localhost
+
+The system hostname; usually `localhost` works fine. This will be used during setup to communicate with the running Jenkins instance via HTTP requests.
+
+ jenkins_home: /var/lib/jenkins
+
+The Jenkins home directory which, amongst others, is being used for storing artifacts, workspaces and plugins. This variable allows you to override the default `/var/lib/jenkins` location.
+
+ jenkins_http_port: 8080
+
+The HTTP port for Jenkins' web interface.
+
+ jenkins_admin_username: admin
+ jenkins_admin_password: admin
+
+Default admin account credentials which will be created the first time Jenkins is installed.
+
+ jenkins_admin_password_file: ""
+
+Default admin password file which will be created the first time Jenkins is installed as /var/lib/jenkins/secrets/initialAdminPassword
+
+ jenkins_jar_location: /opt/jenkins-cli.jar
+
+The location at which the `jenkins-cli.jar` jarfile will be kept. This is used for communicating with Jenkins via the CLI.
+
+ jenkins_plugins: []
+
+Jenkins plugins to be installed automatically during provisioning.
+
+ jenkins_plugins_install_dependencies: true
+
+Whether Jenkins plugins to be installed should also install any plugin dependencies.
+
+ jenkins_plugins_state: present
+
+Use `latest` to ensure all plugins are running the most up-to-date version.
+
+ jenkins_plugin_updates_expiration: 86400
+
+Number of seconds after which a new copy of the update-center.json file is downloaded. Set it to 0 if no cache file should be used.
+
+ jenkins_updates_url: "https://updates.jenkins.io"
+
+The URL to use for Jenkins plugin updates and update-center information.
+
+ jenkins_plugin_timeout: 30
+
+The server connection timeout, in seconds, when installing Jenkins plugins.
+
+ jenkins_version: "1.644"
+ jenkins_pkg_url: "http://www.example.com"
+
+(Optional) Then Jenkins version can be pinned to any version available on `http://pkg.jenkins-ci.org/debian/` (Debian/Ubuntu) or `http://pkg.jenkins-ci.org/redhat/` (RHEL/CentOS). If the Jenkins version you need is not available in the default package URLs, you can override the URL with your own; set `jenkins_pkg_url` (_Note_: the role depends on the same naming convention that `http://pkg.jenkins-ci.org/` uses).
+
+ jenkins_url_prefix: ""
+
+Used for setting a URL prefix for your Jenkins installation. The option is added as `--prefix={{ jenkins_url_prefix }}` to the Jenkins initialization `java` invocation, so you can access the installation at a path like `http://www.example.com{{ jenkins_url_prefix }}`. Make sure you start the prefix with a `/` (e.g. `/jenkins`).
+
+ jenkins_connection_delay: 5
+ jenkins_connection_retries: 60
+
+Amount of time and number of times to wait when connecting to Jenkins after initial startup, to verify that Jenkins is running. Total time to wait = `delay` * `retries`, so by default this role will wait up to 300 seconds before timing out.
+
+ # For RedHat/CentOS (role default):
+ jenkins_repo_url: http://pkg.jenkins-ci.org/redhat/jenkins.repo
+ jenkins_repo_key_url: http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
+ # For Debian (role default):
+ jenkins_repo_url: deb http://pkg.jenkins-ci.org/debian binary/
+ jenkins_repo_key_url: http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key
+
+This role will install the latest version of Jenkins by default (using the official repositories as listed above). You can override these variables (use the correct set for your platform) to install the current LTS version instead:
+
+ # For RedHat/CentOS LTS:
+ jenkins_repo_url: http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo
+ jenkins_repo_key_url: http://pkg.jenkins-ci.org/redhat-stable/jenkins-ci.org.key
+ # For Debian/Ubuntu LTS:
+ jenkins_repo_url: deb http://pkg.jenkins-ci.org/debian-stable binary/
+ jenkins_repo_key_url: http://pkg.jenkins-ci.org/debian-stable/jenkins-ci.org.key
+
+It is also possible stop the repo file being added by setting `jenkins_repo_url = ''`. This is useful if, for example, you sign your own packages or run internal package management (e.g. Spacewalk).
+
+ jenkins_java_options: "-Djenkins.install.runSetupWizard=false"
+
+Extra Java options for the Jenkins launch command configured in the init file can be set with the var `jenkins_java_options`. For example, if you want to configure the timezone Jenkins uses, add `-Dorg.apache.commons.jelly.tags.fmt.timeZone=America/New_York`. By default, the option to disable the Jenkins 2.0 setup wizard is added.
+
+ jenkins_init_changes:
+ - option: "JENKINS_ARGS"
+ value: "--prefix={{ jenkins_url_prefix }}"
+ - option: "JENKINS_JAVA_OPTIONS"
+ value: "{{ jenkins_java_options }}"
+
+Changes made to the Jenkins init script; the default set of changes set the configured URL prefix and add in configured Java options for Jenkins' startup. You can add other option/value pairs if you need to set other options for the Jenkins init file.
+
+## Dependencies
+
+ - geerlingguy.java
+
+## Example Playbook
+
+```yaml
+- hosts: jenkins
+ vars:
+ jenkins_hostname: jenkins.example.com
+ roles:
+ - role: geerlingguy.java
+ become: yes
+ - role: geerlingguy.jenkins
+ become: yes
+```
+
+## License
+
+MIT (Expat) / BSD
+
+## Author Information
+
+This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
diff --git a/roles/geerlingguy.jenkins/defaults/main.yml b/roles/geerlingguy.jenkins/defaults/main.yml
new file mode 100644
index 0000000..b159e71
--- /dev/null
+++ b/roles/geerlingguy.jenkins/defaults/main.yml
@@ -0,0 +1,37 @@
+---
+# Optional method of pinning a specific version of Jenkins and/or overriding the
+# default Jenkins packaging URL.
+# jenkins_version: "1.644"
+# jenkins_pkg_url: "https://www.example.com"
+
+# Change this to `latest` to update Jenkins if a newer version is available.
+jenkins_package_state: present
+
+jenkins_connection_delay: 5
+jenkins_connection_retries: 60
+jenkins_home: /var/lib/jenkins
+jenkins_hostname: localhost
+jenkins_http_port: 8080
+jenkins_jar_location: /opt/jenkins-cli.jar
+jenkins_url_prefix: ""
+jenkins_java_options: "-Djenkins.install.runSetupWizard=false"
+
+jenkins_plugins: []
+jenkins_plugins_state: present
+jenkins_plugin_updates_expiration: 86400
+jenkins_plugin_timeout: 30
+jenkins_plugins_install_dependencies: true
+jenkins_updates_url: "https://updates.jenkins.io"
+
+jenkins_admin_username: admin
+jenkins_admin_password: admin
+jenkins_admin_password_file: ""
+
+jenkins_process_user: jenkins
+jenkins_process_group: "{{ jenkins_process_user }}"
+
+jenkins_init_changes:
+ - option: "JENKINS_ARGS"
+ value: "--prefix={{ jenkins_url_prefix }}"
+ - option: "{{ jenkins_java_options_env_var }}"
+ value: "{{ jenkins_java_options }}"
diff --git a/roles/geerlingguy.jenkins/handlers/main.yml b/roles/geerlingguy.jenkins/handlers/main.yml
new file mode 100644
index 0000000..005440b
--- /dev/null
+++ b/roles/geerlingguy.jenkins/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: restart jenkins
+ service: name=jenkins state=restarted
+
+- name: configure default users
+ template:
+ src: basic-security.groovy.j2
+ dest: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy"
+ owner: "{{ jenkins_process_user }}"
+ group: "{{ jenkins_process_group }}"
+ mode: 0775
+ register: jenkins_users_config
diff --git a/roles/geerlingguy.jenkins/meta/.galaxy_install_info b/roles/geerlingguy.jenkins/meta/.galaxy_install_info
new file mode 100644
index 0000000..3b50624
--- /dev/null
+++ b/roles/geerlingguy.jenkins/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
+install_date: Mon Apr 29 14:19:40 2019
+version: 3.7.0
diff --git a/roles/geerlingguy.jenkins/meta/main.yml b/roles/geerlingguy.jenkins/meta/main.yml
new file mode 100644
index 0000000..54ab892
--- /dev/null
+++ b/roles/geerlingguy.jenkins/meta/main.yml
@@ -0,0 +1,29 @@
+---
+dependencies:
+ - geerlingguy.java
+
+galaxy_info:
+ author: geerlingguy
+ description: Jenkins CI
+ company: "Midwestern Mac, LLC"
+ license: "license (BSD, MIT)"
+ min_ansible_version: 2.4
+ platforms:
+ - name: EL
+ versions:
+ - 6
+ - 7
+ - name: Fedora
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - all
+ - name: Ubuntu
+ versions:
+ - all
+ galaxy_tags:
+ - development
+ - packaging
+ - jenkins
+ - ci
diff --git a/roles/geerlingguy.jenkins/molecule/default/java-8.yml b/roles/geerlingguy.jenkins/molecule/default/java-8.yml
new file mode 100644
index 0000000..cadaf39
--- /dev/null
+++ b/roles/geerlingguy.jenkins/molecule/default/java-8.yml
@@ -0,0 +1,51 @@ +--- +# Ubuntu. +- name: Add repository for OpenJDK 8 (Ubuntu 14). + apt_repository: repo='ppa:openjdk-r/ppa' + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_version == "14.04" + +# Debian. +- name: Enable Backports repository (Debian 8). + apt_repository: + repo: 'deb http://ftp.debian.org/debian {{ ansible_distribution_release }}-backports main' + state: present + filename: "{{ ansible_distribution_release }}_backports" + when: ansible_distribution == "Debian" + +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=600 + when: ansible_os_family == 'Debian' + changed_when: false + +# See: http://unix.stackexchange.com/a/342469 +- name: Install dependencies. + apt: + default_release: "{{ ansible_distribution_release }}-backports" + name: + - openjdk-8-jre-headless + - ca-certificates-java + state: present + when: ansible_distribution == "Debian" + +# Red Hat. +- name: Set the java_packages variable (RedHat). + set_fact: + java_packages: + - java-1.8.0-openjdk + when: ansible_os_family == 'RedHat' + +# Ubuntu. +- name: Set the java_packages variable (Ubuntu). + set_fact: + java_packages: + - openjdk-8-jdk + when: ansible_distribution == 'Ubuntu' + +# Debian. +- name: Set the java_packages variable (Debian). + set_fact: + java_packages: + - openjdk-8-jdk + when: ansible_distribution == 'Debian' diff --git a/roles/geerlingguy.jenkins/molecule/default/molecule.yml b/roles/geerlingguy.jenkins/molecule/default/molecule.yml new file mode 100644 index 0000000..2ca6fea --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/molecule.yml 
@@ -0,0 +1,29 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-file: molecule/default/yaml-lint.yml +platforms: + - name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: true +provisioner: + name: ansible + lint: + name: ansible-lint + playbooks: + converge: ${MOLECULE_PLAYBOOK:-playbook.yml} +scenario: + name: default +verifier: + name: testinfra + lint: + name: flake8 diff --git a/roles/geerlingguy.jenkins/molecule/default/playbook-http-port.yml b/roles/geerlingguy.jenkins/molecule/default/playbook-http-port.yml new file mode 100644 index 0000000..1f4bba2 --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/playbook-http-port.yml @@ -0,0 +1,24 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + jenkins_http_port: 8081 + + pre_tasks: + - include_tasks: java-8.yml + + roles: + - geerlingguy.java + - geerlingguy.jenkins + + post_tasks: + - name: Ensure Jenkins is running on the specified port. + uri: + url: "http://127.0.0.1:{{ jenkins_http_port }}" + status_code: 200 + register: result + until: result.status == 200 + retries: 60 + delay: 1 diff --git a/roles/geerlingguy.jenkins/molecule/default/playbook-jenkins-version.yml b/roles/geerlingguy.jenkins/molecule/default/playbook-jenkins-version.yml new file mode 100644 index 0000000..8f36796 --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/playbook-jenkins-version.yml 
@@ -0,0 +1,27 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + jenkins_version: "1.644" + + roles: + - geerlingguy.java + - geerlingguy.jenkins + + post_tasks: + - name: Check installed version of Jenkins. + command: rpm -q jenkins + args: + warn: false + changed_when: false + register: jenkins_rpm_version + tags: ['skip_ansible_lint'] + + - name: Print installed Jenkins package information. + debug: var=jenkins_rpm_version + + - name: Fail if version doesn't match what we wanted. + fail: + when: "jenkins_version not in jenkins_rpm_version.stdout" diff --git a/roles/geerlingguy.jenkins/molecule/default/playbook-plugins-with-home.yml b/roles/geerlingguy.jenkins/molecule/default/playbook-plugins-with-home.yml new file mode 100644 index 0000000..92a699d --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/playbook-plugins-with-home.yml @@ -0,0 +1,52 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + jenkins_plugins: + - ghprb + - greenballs + jenkins_home: /tmp/jenkins + jenkins_plugin_timeout: 120 + + pre_tasks: + - include_tasks: java-8.yml + + roles: + - geerlingguy.java + - geerlingguy.jenkins + + post_tasks: + - name: Verify JENKINS_HOME is correct. + stat: + path: "{{ jenkins_home }}/config.xml" + register: jenkins_home_config + + - name: Fail if Jenkins config file doesn't exist. + fail: + when: not jenkins_home_config.stat.exists + + - name: List plugins directory contents. + command: "ls {{ jenkins_home }}/plugins" + register: plugins_contents + changed_when: false + tags: ['skip_ansible_lint'] + + - name: Verify greenballs plugin exists. + stat: + path: "{{ jenkins_home }}/plugins/greenballs.jpi" + register: greenballs_plugin + + - name: Fail if greenballs plugin file doesn't exist. + fail: + when: not greenballs_plugin.stat.exists + + - name: Ensure Jenkins is running. + uri: + url: "http://127.0.0.1:8080/" + status_code: 200 + register: result + until: result.status == 200 + retries: 60 + delay: 1 
diff --git a/roles/geerlingguy.jenkins/molecule/default/playbook-prefix.yml b/roles/geerlingguy.jenkins/molecule/default/playbook-prefix.yml new file mode 100644 index 0000000..23d12fc --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/playbook-prefix.yml @@ -0,0 +1,24 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + jenkins_url_prefix: /jenkins + + pre_tasks: + - include_tasks: java-8.yml + + roles: + - geerlingguy.java + - geerlingguy.jenkins + + post_tasks: + - name: Ensure Jenkins is running with the specified prefix. + uri: + url: "http://127.0.0.1:8080{{ jenkins_url_prefix }}" + status_code: 200 + register: result + until: result.status == 200 + retries: 60 + delay: 1 diff --git a/roles/geerlingguy.jenkins/molecule/default/playbook.yml b/roles/geerlingguy.jenkins/molecule/default/playbook.yml new file mode 100644 index 0000000..15532b5 --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + become: true + + pre_tasks: + - include_tasks: java-8.yml + + roles: + - role: geerlingguy.java + - role: geerlingguy.jenkins + + post_tasks: + - name: Check if Jenkins is running. + uri: + url: "http://127.0.0.1:8080/" diff --git a/roles/geerlingguy.jenkins/molecule/default/requirements.yml b/roles/geerlingguy.jenkins/molecule/default/requirements.yml new file mode 100644 index 0000000..8fbe7cb --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/requirements.yml @@ -0,0 +1,2 @@ +--- +- src: geerlingguy.java diff --git a/roles/geerlingguy.jenkins/molecule/default/yaml-lint.yml b/roles/geerlingguy.jenkins/molecule/default/yaml-lint.yml new file mode 100644 index 0000000..c9aab08 --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/yaml-lint.yml @@ -0,0 +1,6 @@ +--- +extends: default +rules: + line-length: + max: 150 + level: warning 
diff --git a/roles/geerlingguy.jenkins/tasks/main.yml b/roles/geerlingguy.jenkins/tasks/main.yml new file mode 100644 index 0000000..c302929 --- /dev/null +++ b/roles/geerlingguy.jenkins/tasks/main.yml 
@@ -0,0 +1,66 @@ +--- +# Variable setup. +- name: Include OS-Specific variables + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define jenkins_repo_url + set_fact: + jenkins_repo_url: "{{ __jenkins_repo_url }}" + when: jenkins_repo_url is not defined + +- name: Define jenkins_repo_key_url + set_fact: + jenkins_repo_key_url: "{{ __jenkins_repo_key_url }}" + when: jenkins_repo_key_url is not defined + +- name: Define jenkins_pkg_url + set_fact: + jenkins_pkg_url: "{{ __jenkins_pkg_url }}" + when: jenkins_pkg_url is not defined + +# Setup/install tasks. +- include_tasks: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include_tasks: setup-Debian.yml + when: ansible_os_family == 'Debian' + +# Configure Jenkins init settings. +- include_tasks: settings.yml + +# Make sure Jenkins starts, then configure Jenkins. +- name: Ensure Jenkins is started and runs on startup. + service: name=jenkins state=started enabled=yes + +- name: Wait for Jenkins to start up before proceeding. + command: > + curl -D - --silent --max-time 5 http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}/cli/ + args: + warn: false + register: result + until: > + (result.stdout.find("403 Forbidden") != -1) + or (result.stdout.find("200 OK") != -1) + and (result.stdout.find("Please wait while") == -1) + retries: "{{ jenkins_connection_retries }}" + delay: "{{ jenkins_connection_delay }}" + changed_when: false + check_mode: false + +- name: Get the jenkins-cli jarfile from the Jenkins server. + get_url: + url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}/jnlpJars/jenkins-cli.jar" + dest: "{{ jenkins_jar_location }}" + register: jarfile_get + until: "'OK' in jarfile_get.msg or '304' in jarfile_get.msg or 'file already exists' in jarfile_get.msg" + retries: 5 + delay: 10 + check_mode: false + +- name: Remove Jenkins security init scripts after first startup. 
+ file: + path: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy" + state: absent + +# Update Jenkins and install configured plugins. +- include_tasks: plugins.yml diff --git a/roles/geerlingguy.jenkins/tasks/plugins.yml b/roles/geerlingguy.jenkins/tasks/plugins.yml new file mode 100644 index 0000000..1807590 --- /dev/null +++ b/roles/geerlingguy.jenkins/tasks/plugins.yml 
@@ -0,0 +1,61 @@
+---
+# jenkins_plugin module doesn't support password files.
+- name: Get Jenkins admin password from file.
+ slurp:
+ src: "{{ jenkins_admin_password_file }}"
+ register: adminpasswordfile
+ no_log: true
+ when: jenkins_admin_password_file != ""
+ tags: ['skip_ansible_lint']
+
+- name: Set Jenkins admin password fact.
+ set_fact:
+ jenkins_admin_password: "{{ adminpasswordfile['stdout'] | default(jenkins_admin_password) }}"
+ no_log: true
+
+# Update Jenkins so that plugin updates don't fail.
+- name: Create Jenkins updates directory.
+ file:
+ path: "{{ jenkins_home }}/updates"
+ state: directory
+ owner: jenkins
+ group: jenkins
+
+- name: Download current plugin updates from Jenkins update site.
+ get_url:
+ url: "{{ jenkins_updates_url }}/update-center.json"
+ dest: "{{ jenkins_home }}/updates/default.json"
+ owner: jenkins
+ group: jenkins
+ mode: 0440
+ changed_when: false
+ register: get_result
+ until: get_result is success
+ retries: 3
+ delay: 2
+
+- name: Remove first and last line from json file.
+ replace:
+ path: "{{ jenkins_home }}/updates/default.json"
+ regexp: "1d;$d"
+
+- name: Install Jenkins plugins using password.
+ jenkins_plugin:
+ name: "{{ item }}"
+ jenkins_home: "{{ jenkins_home }}"
+ url_username: "{{ jenkins_admin_username }}"
+ url_password: "{{ jenkins_admin_password }}"
+ state: "{{ jenkins_plugins_state }}"
+ timeout: "{{ jenkins_plugin_timeout }}"
+ updates_expiration: "{{ jenkins_plugin_updates_expiration }}"
+ updates_url: "{{ jenkins_updates_url }}"
+ url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}"
+ with_dependencies: "{{ jenkins_plugins_install_dependencies }}"
+ with_items: "{{ jenkins_plugins }}"
+ when: jenkins_admin_password != ""
+ notify: restart jenkins
+ tags: ['skip_ansible_lint']
+ register: plugin_result
+ until: plugin_result is success
+ retries: 3
+ delay: 2
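Review bot: The `Set Jenkins admin password fact` task in tasks/plugins.yml reads `adminpasswordfile['stdout']`, but the task before it uses `slurp`, whose result carries base64 data under `content` and has no `stdout` key, so the expression always falls through to `default(jenkins_admin_password)`. With `jenkins_admin_password_file` set, the plugin install would therefore authenticate with the role's default password rather than the one in the file. Something like `jenkins_admin_password: "{{ (adminpasswordfile['content'] | b64decode | trim) if adminpasswordfile['content'] is defined else jenkins_admin_password }}"` keeps the fallback for the skipped case; whether `trim` is appropriate depends on how the password file is written.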
diff --git a/roles/geerlingguy.jenkins/tasks/settings.yml b/roles/geerlingguy.jenkins/tasks/settings.yml new file mode 100644 index 0000000..6d11c43 --- /dev/null +++ b/roles/geerlingguy.jenkins/tasks/settings.yml 
@@ -0,0 +1,69 @@ +--- +- name: Check if jenkins_init_file exists. + stat: + path: "{{ jenkins_init_file }}" + register: jenkins_init_file_stat + +- name: Ensure jenkins_init_file exists. + file: + path: "{{ jenkins_init_file }}" + state: touch + when: not jenkins_init_file_stat.stat.exists + +- name: Modify variables in init file. + lineinfile: + dest: "{{ jenkins_init_file }}" + insertafter: '^{{ item.option }}=' + regexp: '^{{ item.option }}=\"\${{ item.option }} ' + line: '{{ item.option }}="${{ item.option }} {{ item.value }}"' + state: present + with_items: "{{ jenkins_init_changes }}" + register: jenkins_init_prefix + +- name: Set the Jenkins home directory. + lineinfile: + dest: "{{ jenkins_init_file }}" + regexp: '^JENKINS_HOME=.*' + line: 'JENKINS_HOME={{ jenkins_home }}' + register: jenkins_home_config + +- name: Immediately restart Jenkins on init config changes. + service: name=jenkins state=restarted + when: jenkins_init_prefix.changed + tags: ['skip_ansible_lint'] + +- name: Set HTTP port in Jenkins config. + lineinfile: + backrefs: true + dest: "{{ jenkins_init_file }}" + regexp: '^{{ jenkins_http_port_param }}=' + line: '{{ jenkins_http_port_param }}={{ jenkins_http_port }}' + register: jenkins_http_config + +- name: Ensure jenkins_home {{ jenkins_home }} exists + file: + path: "{{ jenkins_home }}" + state: directory + owner: jenkins + group: jenkins + mode: u+rwx + follow: true + +- name: Create custom init scripts directory. + file: + path: "{{ jenkins_home }}/init.groovy.d" + state: directory + owner: "{{ jenkins_process_user }}" + group: "{{ jenkins_process_group }}" + mode: 0775 + +- name: Trigger handlers immediately in case Jenkins was installed + meta: flush_handlers + +- name: Immediately restart Jenkins on http or user changes. 
+ service: name=jenkins state=restarted + when: > + (jenkins_users_config is defined and jenkins_users_config.changed) + or (jenkins_http_config is defined and jenkins_http_config.changed) + or (jenkins_home_config is defined and jenkins_home_config.changed) + tags: ['skip_ansible_lint'] diff --git a/roles/geerlingguy.jenkins/tasks/setup-Debian.yml b/roles/geerlingguy.jenkins/tasks/setup-Debian.yml new file mode 100644 index 0000000..7f81a14 --- /dev/null +++ b/roles/geerlingguy.jenkins/tasks/setup-Debian.yml @@ -0,0 +1,45 @@ +--- +- name: Ensure dependencies are installed. + apt: + name: + - curl + - apt-transport-https + state: present + +- name: Add Jenkins apt repository key. + apt_key: + url: "{{ jenkins_repo_key_url }}" + state: present + +- name: Add Jenkins apt repository. + apt_repository: + repo: "{{ jenkins_repo_url }}" + state: present + update_cache: true + when: jenkins_repo_url != "" + tags: ['skip_ansible_lint'] + +- name: Download specific Jenkins version. + get_url: + url: "{{ jenkins_pkg_url }}/jenkins_{{ jenkins_version }}_all.deb" + dest: "/tmp/jenkins_{{ jenkins_version }}_all.deb" + when: jenkins_version is defined + +- name: Check if we downloaded a specific version of Jenkins. + stat: + path: "/tmp/jenkins_{{ jenkins_version }}_all.deb" + register: specific_version + when: jenkins_version is defined + +- name: Install our specific version of Jenkins. + apt: + deb: "/tmp/jenkins_{{ jenkins_version }}_all.deb" + state: present + when: jenkins_version is defined and specific_version.stat.exists + notify: configure default users + +- name: Ensure Jenkins is installed. + apt: + name: jenkins + state: "{{ jenkins_package_state }}" + notify: configure default users diff --git a/roles/geerlingguy.jenkins/tasks/setup-RedHat.yml b/roles/geerlingguy.jenkins/tasks/setup-RedHat.yml new file mode 100644 index 0000000..e5ee979 --- /dev/null +++ b/roles/geerlingguy.jenkins/tasks/setup-RedHat.yml 
@@ -0,0 +1,45 @@ +--- +- name: Ensure dependencies are installed. + package: + name: + - curl + - libselinux-python + - initscripts + state: present + +- name: Ensure Jenkins repo is installed. + get_url: + url: "{{ jenkins_repo_url }}" + dest: /etc/yum.repos.d/jenkins.repo + when: jenkins_repo_url != "" + tags: ['skip_ansible_lint'] + +- name: Add Jenkins repo GPG key. + rpm_key: + state: present + key: "{{ jenkins_repo_key_url }}" + +- name: Download specific Jenkins version. + get_url: + url: "{{ jenkins_pkg_url }}/jenkins-{{ jenkins_version }}-1.1.noarch.rpm" + dest: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm" + when: jenkins_version is defined + +- name: Check if we downloaded a specific version of Jenkins. + stat: + path: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm" + register: specific_version + when: jenkins_version is defined + +- name: Install our specific version of Jenkins. + package: + name: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm" + state: present + when: jenkins_version is defined and specific_version.stat.exists + notify: configure default users + +- name: Ensure Jenkins is installed. + package: + name: jenkins + state: "{{ jenkins_package_state }}" + notify: configure default users diff --git a/roles/geerlingguy.jenkins/templates/basic-security.groovy.j2 b/roles/geerlingguy.jenkins/templates/basic-security.groovy.j2 new file mode 100644 index 0000000..c1d0758 --- /dev/null +++ b/roles/geerlingguy.jenkins/templates/basic-security.groovy.j2 
@@ -0,0 +1,28 @@
+#!groovy
+import hudson.security.*
+import jenkins.model.*
+
+def instance = Jenkins.getInstance()
+def hudsonRealm = new HudsonPrivateSecurityRealm(false)
+def users = hudsonRealm.getAllUsers()
+users_s = users.collect { it.toString() }
+
+// Create the admin user account if it doesn't already exist.
+if ("{{ jenkins_admin_username }}" in users_s) {
+ println "Admin user already exists - updating password"
+
+ def user = hudson.model.User.get('{{ jenkins_admin_username }}');
+ def password = hudson.security.HudsonPrivateSecurityRealm.Details.fromPlainPassword('{{ jenkins_admin_password }}')
+ user.addProperty(password)
+ user.save()
+}
+else {
+ println "--> creating local admin user"
+
+ hudsonRealm.createAccount('{{ jenkins_admin_username }}', '{{ jenkins_admin_password }}')
+ instance.setSecurityRealm(hudsonRealm)
+
+ def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
+ instance.setAuthorizationStrategy(strategy)
+ instance.save()
+}
diff --git a/roles/geerlingguy.jenkins/vars/Debian.yml b/roles/geerlingguy.jenkins/vars/Debian.yml
new file mode 100644
index 0000000..526c9bf
--- /dev/null
+++ b/roles/geerlingguy.jenkins/vars/Debian.yml
@@ -0,0 +1,7 @@
+---
+__jenkins_repo_url: deb https://pkg.jenkins.io/debian binary/
+__jenkins_repo_key_url: https://pkg.jenkins.io/debian/jenkins.io.key
+__jenkins_pkg_url: https://pkg.jenkins.io/debian/binary
+jenkins_init_file: /etc/default/jenkins
+jenkins_http_port_param: HTTP_PORT
+jenkins_java_options_env_var: JAVA_ARGS
diff --git a/roles/geerlingguy.jenkins/vars/RedHat.yml b/roles/geerlingguy.jenkins/vars/RedHat.yml
new file mode 100644
index 0000000..82d8845
--- /dev/null
+++ b/roles/geerlingguy.jenkins/vars/RedHat.yml
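Review bot: In basic-security.groovy.j2 the values `'{{ jenkins_admin_username }}'` and `'{{ jenkins_admin_password }}'` are rendered straight into single-quoted Groovy literals in both branches, so a password containing `'` or `\` either breaks the init script or alters code that Jenkins runs at startup with full privileges. Escaping the value on the Jinja side, or having the script read it from a file or environment variable, would stop the secret being treated as source text. Separately, `new FullControlOnceLoggedInAuthorizationStrategy()` is installed with its defaults, which as far as I know leave anonymous read access enabled; adding `strategy.setAllowAnonymousRead(false)` before `instance.setAuthorizationStrategy(strategy)` would close that.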
@@ -0,0 +1,7 @@ +--- +__jenkins_repo_url: https://pkg.jenkins.io/redhat/jenkins.repo +__jenkins_repo_key_url: https://pkg.jenkins.io/redhat/jenkins.io.key +__jenkins_pkg_url: https://pkg.jenkins.io/redhat +jenkins_init_file: /etc/sysconfig/jenkins +jenkins_http_port_param: JENKINS_PORT +jenkins_java_options_env_var: JENKINS_JAVA_OPTIONS diff --git a/roles/kibana/defaults/main.yml b/roles/kibana/defaults/main.yml index 577fd91..a4d714b 100644 --- a/roles/kibana/defaults/main.yml +++ b/roles/kibana/defaults/main.yml @@ -34,5 +34,5 @@ server_host: localhost server_name: ansible_hostname # The URLs of the Elasticsearch instances to use for all your queries. -elasticsearch_hosts: - - localhost +# example: " 'http://localhost:9200', 'http://192.168.0.1:9200' " +elasticsearch_hosts: " 'http://localhost:9200' " diff --git a/roles/kibana/tasks/main.yml b/roles/kibana/tasks/main.yml index 442e090..768a3f8 100644 --- a/roles/kibana/tasks/main.yml +++ b/roles/kibana/tasks/main.yml @@ -1,2 +1,7 @@ --- -# tasks file for kibana \ No newline at end of file +# tasks file for kibana + + +- name: install kibana on ubuntu + when: ansible_distribution == "Ubuntu" + include: ubuntu.yml diff --git a/roles/kibana/tasks/ubuntu.yml b/roles/kibana/tasks/ubuntu.yml index 6086ed5..5f93792 100644 --- a/roles/kibana/tasks/ubuntu.yml +++ b/roles/kibana/tasks/ubuntu.yml @@ -17,11 +17,11 @@ backup: true - name: Allow 5601 though UFW - when: ufw_server_port == true_ + when: ufw_server_port == true become: true ufw: rule: allow - port: server_port + port: "{{ server_port }}" - name: systemd - daemon reload become: true diff --git a/roles/kibana/templates/kibana.j2 b/roles/kibana/templates/kibana.j2 index ee09b97..c77c2b7 100644 --- a/roles/kibana/templates/kibana.j2 +++ b/roles/kibana/templates/kibana.j2 
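Review bot: `server_name: ansible_hostname` in the context lines of the roles/kibana/defaults/main.yml hunk is still a literal string, so a play that does not override it renders `server.name: "ansible_hostname"` now that the template quotes the value. `server_name: "{{ ansible_hostname }}"` would give the intended default. The hunk starts at line 34 of the file, so the earlier defaults are not visible here.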
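Review bot: `include: ubuntu.yml` in roles/kibana/tasks/main.yml uses the bare `include` action, which Ansible has deprecated in favour of `include_tasks` and `import_tasks`; the Jenkins role added in this same commit already uses `include_tasks`. `include_tasks: ubuntu.yml` with the same `when:` keeps the behaviour.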
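Review bot: The `Allow 5601 though UFW` task in roles/kibana/tasks/ubuntu.yml opens `"{{ server_port }}"` with `rule: allow` and no source or protocol restriction, so Kibana becomes reachable from every network the host is attached to. Nothing visible in this change puts authentication or TLS in front of it, so narrowing the rule is worthwhile: add `proto: tcp` and `from_ip: "{{ kibana_allowed_cidr }}"` (placeholder variable name). `when: ufw_server_port == true` can also be written `when: ufw_server_port | bool`, which tolerates string values from inventory. The task list continues outside the hunk.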
@@ -8,7 +8,7 @@ server.port: {{ server_port }} # To allow connections from remote users, set this parameter to a non-loopback address. #server.host: "192.168.0.173" -server.host: {{ server_host }} +server.host: "{{ server_host }}" # Enables you to specify a path to mount Kibana at if you are running behind a proxy. # Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath @@ -26,13 +26,11 @@ server.host: {{ server_host }} #server.maxPayloadBytes: 1048576 # The Kibana server's name. This is used for display purposes. -server.name: {{ server_name }} +server.name: "{{ server_name }}" # The URLs of the Elasticsearch instances to use for all your queries. #elasticsearch.hosts: ["http://localhost:9200"] -elasticsearch.hosts: [ - {{ elasticsearch_hosts }} -] +elasticsearch.hosts: [ {{ elasticsearch_hosts }} ] # When this setting's value is true Kibana uses the hostname specified in the server.host # setting. When the value of this setting is false, Kibana uses the hostname of the host
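Review bot: `elasticsearch.hosts: [ {{ elasticsearch_hosts }} ]` in the second hunk of kibana.j2 pastes a caller-supplied string into a YAML flow sequence, so a value with a missing quote, a stray comma or a `]` changes the structure of the rendered config instead of failing at template time. Keeping `elasticsearch_hosts` a real list and rendering it with `elasticsearch.hosts: {{ elasticsearch_hosts | to_json }}` lets Ansible do the quoting. The same applies, to a lesser degree, to `server.host: "{{ server_host }}"` and `server.name: "{{ server_name }}"`, where `{{ server_host | to_json }}` would also escape embedded quotes. Both hunks sit in the middle of the template, so the rest of the file is not visible here.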