Added Roles

Jenkins
Java
Adding Elastic support for clusters
This commit is contained in:
James Tombleson 2019-04-29 16:08:04 -07:00
parent b7facd7394
commit 642da849d6
67 changed files with 1293 additions and 19 deletions

View File

@ -0,0 +1 @@
1556550033

View File

@ -0,0 +1 @@
1001

View File

@ -0,0 +1 @@
96b95408-ffc7-44c3-919f-402645785ccd

View File

@ -0,0 +1 @@
3d922cc5783b466ab28a7ae61cc46639

View File

@ -0,0 +1 @@
/home/jamestombleson/Documents/github/ansible

View File

@ -0,0 +1,9 @@
# This file loads the proper rgloader/loader.rb file that comes packaged
# with Vagrant so that encoded files can properly run with Vagrant.
if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
require File.expand_path(
"rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
else
raise "Encoded files can't be read outside of the Vagrant installer."
end

View File

@ -3,7 +3,13 @@
hosts: elastic hosts: elastic
tasks: tasks:
- name: test role - name: install/Update Java
become: true
import_role:
name: geerlingguy.java
- name: install elasticsearch
become: true
import_role: import_role:
name: elasticsearch name: elasticsearch
vars: vars:
@ -12,15 +18,17 @@
ufw_transport_port: true ufw_transport_port: true
systemd_enabled: true systemd_enabled: true
systemd_restart: true systemd_restart: true
node_name: "{{ ansible_hostname }}"
discovery_seed_hosts: "'127.0.0.1', '172.20.0.142', '192.168.0.173'"
cluster_initial_master_nodes: " '172.20.0.142', '192.168.0.173' "
- name: install kibana - name: install kibana
become: true
import_role: import_role:
name: kibana name: kibana
vars: vars:
server_port: 5601 server_port: 5601
server_host: ansible_default_ipv4.address server_host: "{{ ansible_default_ipv4.address }}"
server_name: ansible_hostname server_name: "{{ ansible_hostname }}"
elasticsearch_hosts: elasticsearch_hosts: " 'http://localhost:9200', 'http://dm-nagios.local:9200', 'http://172.20.0.142:9200' "
#- http://192.168.0.173:9200
- http://192.168.0.60:9200

View File

@ -0,0 +1,19 @@
---
- name: install Jenkins
hosts: jenkins
tasks:
- name: Install Java
become: true
included_role:
name: geerlingguy.java
vars:
# https://galaxy.ansible.com/geerlingguy/jenkins
- name: Install Jenkins
become: true
included_role:
name: geerlingguy.jenkins

View File

@ -28,6 +28,16 @@ transport_host: 'localhost'
# A bind port range. Defaults to 9300-9400. # A bind port range. Defaults to 9300-9400.
transport_port: 9300 transport_port: 9300
#
# Discovery
#
# Format data like so " '172.0.0.1', '192.168.0.0' "
discovery_seed_host: "127.0.0.1"
#cluster_initial_master_nodes: ["node-1", "node-2"]
cluster_initial_master_nodes: "'node-1', 'node-2'"
# #
# Firewall configuration # Firewall configuration
# #

View File

@ -23,8 +23,8 @@ cluster.name: {{ cluster_name }}
# #
#node.name: node-1 #node.name: node-1
node.name: {{ node_name }} node.name: {{ node_name }}
node.master: {{ node_master }} #node.master: {{ node_master }}
node.data: {{ node_data }} #node.data: {{ node_data }}
# #
# Add custom attributes to the node: # Add custom attributes to the node:
# #
@ -61,7 +61,7 @@ network.host: {{ ansible_default_ipv4.address }}
# Set a custom port for HTTP: # Set a custom port for HTTP:
# #
http.port: {{ http_port }} http.port: {{ http_port }}
transport.host: {{ transport_host }} #transport.host: {{ transport_host }}
transport.tcp.port: {{ transport_port }} transport.tcp.port: {{ transport_port }}
# #
# For more information, consult the network module documentation.# # For more information, consult the network module documentation.#
@ -72,10 +72,12 @@ transport.tcp.port: {{ transport_port }}
# The default list of hosts is ["127.0.0.1", "[::1]"] # The default list of hosts is ["127.0.0.1", "[::1]"]
# #
#discovery.seed_hosts: ["host1", "host2"] #discovery.seed_hosts: ["host1", "host2"]
{{ discovery_seed_hosts_def }}
# #
# Bootstrap the cluster using an initial set of master-eligible nodes: # Bootstrap the cluster using an initial set of master-eligible nodes:
# #
#cluster.initial_master_nodes: ["node-1", "node-2"] #cluster.initial_master_nodes: ["node-1", "node-2"]
cluster.initial_master_nodes: [ {{ cluster_initial_master_nodes }} ]
# #
# For more information, consult the discovery and cluster formation module documentation. # For more information, consult the discovery and cluster formation module documentation.
# #

View File

@ -22,3 +22,6 @@ transport_host: localhost
transport_tcp_port: 9300 transport_tcp_port: 9300
discovery_seed_hosts: 172.0.0.1
discovery_seed_hosts_def: "discovery.seed_hosts: [ {{ discovery_seed_hosts }} ]"

3
roles/geerlingguy.java/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*.retry
*/__pycache__
*.pyc

View File

@ -0,0 +1,32 @@
---
language: python
services: docker
env:
global:
- ROLE_NAME: java
matrix:
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: centos6
- MOLECULE_DISTRO: fedora27
- MOLECULE_DISTRO: ubuntu1804
- MOLECULE_DISTRO: ubuntu1604
- MOLECULE_DISTRO: debian9
- MOLECULE_DISTRO: debian8
install:
# Install test dependencies.
- pip install molecule docker
before_script:
# Use actual Ansible Galaxy role name for the project directory.
- cd ../
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- cd geerlingguy.$ROLE_NAME
script:
# Run tests.
- molecule test
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

View File

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

View File

@ -0,0 +1,67 @@
# Ansible Role: Java
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-java.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-java)
Installs Java for RedHat/CentOS and Debian/Ubuntu linux servers.
## Requirements
None.
## Role Variables
Available variables are listed below, along with default values:
# The defaults provided by this role are specific to each distribution.
java_packages:
- java-1.7.0-openjdk
Set the version/development kit of Java to install, along with any other necessary Java packages. Some other options include are included in the distribution-specific files in this role's 'defaults' folder.
java_home: ""
If set, the role will set the global environment variable `JAVA_HOME` to this value.
## Dependencies
None.
## Example Playbook (using default package, usually OpenJDK 7)
- hosts: servers
roles:
- role: geerlingguy.java
become: yes
## Example Playbook (install OpenJDK 8)
For RHEL / CentOS:
- hosts: server
roles:
- role: geerlingguy.java
when: "ansible_os_family == 'RedHat'"
java_packages:
- java-1.8.0-openjdk
For Ubuntu < 16.04:
- hosts: server
tasks:
- name: installing repo for Java 8 in Ubuntu
apt_repository: repo='ppa:openjdk-r/ppa'
- hosts: server
roles:
- role: geerlingguy.java
when: "ansible_os_family == 'Debian'"
java_packages:
- openjdk-8-jdk
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

View File

@ -0,0 +1,6 @@
---
# Set java_packages if you would like to use a different version than the
# default (OpenJDK 1.7).
# java_packages: []
java_home: ""

View File

@ -0,0 +1,2 @@
install_date: Mon Apr 29 14:19:43 2019
version: 1.9.5

View File

@ -0,0 +1,39 @@
---
dependencies: []
galaxy_info:
author: geerlingguy
description: Java for Linux
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- 6
- 7
- name: Fedora
versions:
- all
- name: Debian
versions:
- wheezy
- jessie
- stretch
- name: Ubuntu
versions:
- precise
- trusty
- xenial
- bionic
- name: FreeBSD
versions:
- 10.2
galaxy_tags:
- development
- system
- web
- java
- jdk
- openjdk
- oracle

View File

@ -0,0 +1,29 @@
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
options:
config-file: molecule/default/yaml-lint.yml
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
lint:
name: ansible-lint
playbooks:
converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
scenario:
name: default
verifier:
name: testinfra
lint:
name: flake8

View File

@ -0,0 +1,13 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
roles:
- role: geerlingguy.java

View File

@ -0,0 +1,14 @@
import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def test_hosts_file(host):
f = host.file('/etc/hosts')
assert f.exists
assert f.user == 'root'
assert f.group == 'root'

View File

@ -0,0 +1,6 @@
---
extends: default
rules:
line-length:
max: 120
level: warning

View File

@ -0,0 +1,41 @@
---
- name: Include OS-specific variables for Fedora or FreeBSD.
include_vars: "{{ ansible_distribution }}.yml"
when: ansible_distribution == 'FreeBSD' or ansible_distribution == 'Fedora'
- name: Include version-specific variables for CentOS/RHEL.
include_vars: "RedHat-{{ ansible_distribution_version.split('.')[0] }}.yml"
when: ansible_distribution == 'CentOS' or
ansible_distribution == 'Red Hat Enterprise Linux' or
ansible_distribution == 'RedHat'
- name: Include version-specific variables for Ubuntu.
include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
when: ansible_distribution == 'Ubuntu'
- name: Include version-specific variables for Debian.
include_vars: "{{ ansible_distribution|title }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
when: ansible_os_family == 'Debian'
- name: Define java_packages.
set_fact:
java_packages: "{{ __java_packages | list }}"
when: java_packages is not defined
# Setup/install tasks.
- include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian'
- include_tasks: setup-FreeBSD.yml
when: ansible_os_family == 'FreeBSD'
# Environment setup.
- name: Set JAVA_HOME if configured.
template:
src: java_home.sh.j2
dest: /etc/profile.d/java_home.sh
mode: 0644
when: java_home is defined and java_home

View File

@ -0,0 +1,16 @@
---
# See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863199 and
# https://github.com/geerlingguy/ansible-role-java/issues/64
- name: Ensure 'man' directory exists.
file:
path: /usr/share/man/man1
state: directory
recurse: true
when:
- ansible_distribution == 'Ubuntu'
- ansible_distribution_version == '18.04'
- name: Ensure Java is installed.
apt:
name: "{{ java_packages }}"
state: present

View File

@ -0,0 +1,11 @@
---
- name: Ensure Java is installed.
pkgng:
name: "{{ java_packages }}"
state: present
- name: ensure proc is mounted
mount: name=/proc fstype=procfs src=proc opts=rw state=mounted
- name: ensure fdesc is mounted
mount: name=/dev/fd fstype=fdescfs src=fdesc opts=rw state=mounted

View File

@ -0,0 +1,5 @@
---
- name: Ensure Java is installed.
package:
name: "{{ java_packages }}"
state: present

View File

@ -0,0 +1 @@
export JAVA_HOME={{ java_home }}

View File

@ -0,0 +1,7 @@
---
# JDK version options include:
# - java
# - openjdk-6-jdk
# - openjdk-7-jdk
__java_packages:
- openjdk-7-jdk

View File

@ -0,0 +1,6 @@
---
# JDK version options include:
# - java
# - openjdk-8-jdk
__java_packages:
- openjdk-8-jdk

View File

@ -0,0 +1,6 @@
---
# JDK version options include:
# - java
# - java-1.8.0-openjdk
__java_packages:
- java-1.8.0-openjdk

View File

@ -0,0 +1,7 @@
---
# JDK version options for FreeBSD include:
# - openjdk
# - openjdk6
# - openjdk8
__java_packages:
- openjdk

View File

@ -0,0 +1,7 @@
---
# JDK version options include:
# - java
# - java-1.6.0-openjdk
# - java-1.7.0-openjdk
__java_packages:
- java-1.7.0-openjdk

View File

@ -0,0 +1,8 @@
---
# JDK version options include:
# - java
# - java-1.6.0-openjdk
# - java-1.7.0-openjdk
# - java-1.8.0-openjdk
__java_packages:
- java-1.8.0-openjdk

View File

@ -0,0 +1,7 @@
---
# JDK version options include:
# - java
# - openjdk-6-jdk
# - openjdk-7-jdk
__java_packages:
- openjdk-7-jdk

View File

@ -0,0 +1,7 @@
---
# JDK version options include:
# - java
# - openjdk-6-jdk
# - openjdk-7-jdk
__java_packages:
- openjdk-7-jdk

View File

@ -0,0 +1,7 @@
---
# JDK version options include:
# - java
# - openjdk-8-jdk
# - openjdk-9-jdk
__java_packages:
- openjdk-8-jdk

View File

@ -0,0 +1,6 @@
---
# JDK version options include:
# - java
# - openjdk-11-jdk
__java_packages:
- openjdk-11-jdk

View File

@ -0,0 +1,2 @@
skip_list:
- '602'

3
roles/geerlingguy.jenkins/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*.retry
*/__pycache__
*.pyc

View File

@ -0,0 +1,43 @@
---
language: python
services: docker
env:
global:
- ROLE_NAME: jenkins
matrix:
# Test defaults.
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: ubuntu1804
- MOLECULE_DISTRO: ubuntu1604
- MOLECULE_DISTRO: debian9
# Test other role features.
- MOLECULE_DISTRO: ubuntu1804
MOLECULE_PLAYBOOK: playbook-http-port.yml
- MOLECULE_DISTRO: ubuntu1804
MOLECULE_PLAYBOOK: playbook-prefix.yml
- MOLECULE_DISTRO: centos7
MOLECULE_PLAYBOOK: playbook-jenkins-version.yml
- MOLECULE_DISTRO: ubuntu1804
MOLECULE_PLAYBOOK: playbook-plugins-with-home.yml
install:
# Install test dependencies.
- pip install molecule docker
before_script:
# Use actual Ansible Galaxy role name for the project directory.
- cd ../
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- cd geerlingguy.$ROLE_NAME
script:
# Run tests.
- molecule test
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

View File

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

View File

@ -0,0 +1,135 @@
# Ansible Role: Jenkins CI
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-jenkins.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-jenkins)
Installs Jenkins CI on RHEL/CentOS and Debian/Ubuntu servers.
## Requirements
Requires `curl` to be installed on the server. Also, newer versions of Jenkins require Java 8+ (see the test playbooks inside the `tests/` directory for an example of how to use newer versions of Java for your OS).
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
jenkins_package_state: present
The state of the `jenkins` package install. By default this role installs Jenkins but will not upgrade Jenkins (when using package-based installs). If you want to always update to the latest version, change this to `latest`.
jenkins_hostname: localhost
The system hostname; usually `localhost` works fine. This will be used during setup to communicate with the running Jenkins instance via HTTP requests.
jenkins_home: /var/lib/jenkins
The Jenkins home directory which, amongst others, is being used for storing artifacts, workspaces and plugins. This variable allows you to override the default `/var/lib/jenkins` location.
jenkins_http_port: 8080
The HTTP port for Jenkins' web interface.
jenkins_admin_username: admin
jenkins_admin_password: admin
Default admin account credentials which will be created the first time Jenkins is installed.
jenkins_admin_password_file: ""
Default admin password file which will be created the first time Jenkins is installed as /var/lib/jenkins/secrets/initialAdminPassword
jenkins_jar_location: /opt/jenkins-cli.jar
The location at which the `jenkins-cli.jar` jarfile will be kept. This is used for communicating with Jenkins via the CLI.
jenkins_plugins: []
Jenkins plugins to be installed automatically during provisioning.
jenkins_plugins_install_dependencies: true
Whether Jenkins plugins to be installed should also install any plugin dependencies.
jenkins_plugins_state: present
Use `latest` to ensure all plugins are running the most up-to-date version.
jenkins_plugin_updates_expiration: 86400
Number of seconds after which a new copy of the update-center.json file is downloaded. Set it to 0 if no cache file should be used.
jenkins_updates_url: "https://updates.jenkins.io"
The URL to use for Jenkins plugin updates and update-center information.
jenkins_plugin_timeout: 30
The server connection timeout, in seconds, when installing Jenkins plugins.
jenkins_version: "1.644"
jenkins_pkg_url: "http://www.example.com"
(Optional) Then Jenkins version can be pinned to any version available on `http://pkg.jenkins-ci.org/debian/` (Debian/Ubuntu) or `http://pkg.jenkins-ci.org/redhat/` (RHEL/CentOS). If the Jenkins version you need is not available in the default package URLs, you can override the URL with your own; set `jenkins_pkg_url` (_Note_: the role depends on the same naming convention that `http://pkg.jenkins-ci.org/` uses).
jenkins_url_prefix: ""
Used for setting a URL prefix for your Jenkins installation. The option is added as `--prefix={{ jenkins_url_prefix }}` to the Jenkins initialization `java` invocation, so you can access the installation at a path like `http://www.example.com{{ jenkins_url_prefix }}`. Make sure you start the prefix with a `/` (e.g. `/jenkins`).
jenkins_connection_delay: 5
jenkins_connection_retries: 60
Amount of time and number of times to wait when connecting to Jenkins after initial startup, to verify that Jenkins is running. Total time to wait = `delay` * `retries`, so by default this role will wait up to 300 seconds before timing out.
# For RedHat/CentOS (role default):
jenkins_repo_url: http://pkg.jenkins-ci.org/redhat/jenkins.repo
jenkins_repo_key_url: http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
# For Debian (role default):
jenkins_repo_url: deb http://pkg.jenkins-ci.org/debian binary/
jenkins_repo_key_url: http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key
This role will install the latest version of Jenkins by default (using the official repositories as listed above). You can override these variables (use the correct set for your platform) to install the current LTS version instead:
# For RedHat/CentOS LTS:
jenkins_repo_url: http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo
jenkins_repo_key_url: http://pkg.jenkins-ci.org/redhat-stable/jenkins-ci.org.key
# For Debian/Ubuntu LTS:
jenkins_repo_url: deb http://pkg.jenkins-ci.org/debian-stable binary/
jenkins_repo_key_url: http://pkg.jenkins-ci.org/debian-stable/jenkins-ci.org.key
It is also possible stop the repo file being added by setting `jenkins_repo_url = ''`. This is useful if, for example, you sign your own packages or run internal package management (e.g. Spacewalk).
jenkins_java_options: "-Djenkins.install.runSetupWizard=false"
Extra Java options for the Jenkins launch command configured in the init file can be set with the var `jenkins_java_options`. For example, if you want to configure the timezone Jenkins uses, add `-Dorg.apache.commons.jelly.tags.fmt.timeZone=America/New_York`. By default, the option to disable the Jenkins 2.0 setup wizard is added.
jenkins_init_changes:
- option: "JENKINS_ARGS"
value: "--prefix={{ jenkins_url_prefix }}"
- option: "JENKINS_JAVA_OPTIONS"
value: "{{ jenkins_java_options }}"
Changes made to the Jenkins init script; the default set of changes set the configured URL prefix and add in configured Java options for Jenkins' startup. You can add other option/value pairs if you need to set other options for the Jenkins init file.
## Dependencies
- geerlingguy.java
## Example Playbook
```yaml
- hosts: jenkins
vars:
jenkins_hostname: jenkins.example.com
roles:
- role: geerlingguy.java
become: yes
- role: geerlingguy.jenkins
become: yes
```
## License
MIT (Expat) / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

View File

@ -0,0 +1,37 @@
---
# Optional method of pinning a specific version of Jenkins and/or overriding the
# default Jenkins packaging URL.
# jenkins_version: "1.644"
# jenkins_pkg_url: "https://www.example.com"
# Change this to `latest` to update Jenkins if a newer version is available.
jenkins_package_state: present
jenkins_connection_delay: 5
jenkins_connection_retries: 60
jenkins_home: /var/lib/jenkins
jenkins_hostname: localhost
jenkins_http_port: 8080
jenkins_jar_location: /opt/jenkins-cli.jar
jenkins_url_prefix: ""
jenkins_java_options: "-Djenkins.install.runSetupWizard=false"
jenkins_plugins: []
jenkins_plugins_state: present
jenkins_plugin_updates_expiration: 86400
jenkins_plugin_timeout: 30
jenkins_plugins_install_dependencies: true
jenkins_updates_url: "https://updates.jenkins.io"
jenkins_admin_username: admin
jenkins_admin_password: admin
jenkins_admin_password_file: ""
jenkins_process_user: jenkins
jenkins_process_group: "{{ jenkins_process_user }}"
jenkins_init_changes:
- option: "JENKINS_ARGS"
value: "--prefix={{ jenkins_url_prefix }}"
- option: "{{ jenkins_java_options_env_var }}"
value: "{{ jenkins_java_options }}"

View File

@ -0,0 +1,12 @@
---
- name: restart jenkins
service: name=jenkins state=restarted
- name: configure default users
template:
src: basic-security.groovy.j2
dest: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy"
owner: "{{ jenkins_process_user }}"
group: "{{ jenkins_process_group }}"
mode: 0775
register: jenkins_users_config

View File

@ -0,0 +1,2 @@
install_date: Mon Apr 29 14:19:40 2019
version: 3.7.0

View File

@ -0,0 +1,29 @@
---
dependencies:
- geerlingguy.java
galaxy_info:
author: geerlingguy
description: Jenkins CI
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- 6
- 7
- name: Fedora
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- all
galaxy_tags:
- development
- packaging
- jenkins
- ci

View File

@ -0,0 +1,51 @@
---
# Ubuntu.
- name: Add repository for OpenJDK 8 (Ubuntu 14).
apt_repository: repo='ppa:openjdk-r/ppa'
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_version == "14.04"
# Debian.
- name: Enable Backports repository (Debian 8).
apt_repository:
repo: 'deb http://ftp.debian.org/debian {{ ansible_distribution_release }}-backports main'
state: present
filename: "{{ ansible_distribution_release }}_backports"
when: ansible_distribution == "Debian"
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
# See: http://unix.stackexchange.com/a/342469
- name: Install dependencies.
apt:
default_release: "{{ ansible_distribution_release }}-backports"
name:
- openjdk-8-jre-headless
- ca-certificates-java
state: present
when: ansible_distribution == "Debian"
# Red Hat.
- name: Set the java_packages variable (RedHat).
set_fact:
java_packages:
- java-1.8.0-openjdk
when: ansible_os_family == 'RedHat'
# Ubuntu.
- name: Set the java_packages variable (Ubuntu).
set_fact:
java_packages:
- openjdk-8-jdk
when: ansible_distribution == 'Ubuntu'
# Debian.
- name: Set the java_packages variable (Debian).
set_fact:
java_packages:
- openjdk-8-jdk
when: ansible_distribution == 'Debian'

View File

@ -0,0 +1,29 @@
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
options:
config-file: molecule/default/yaml-lint.yml
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
lint:
name: ansible-lint
playbooks:
converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
scenario:
name: default
verifier:
name: testinfra
lint:
name: flake8

View File

@ -0,0 +1,24 @@
---
- name: Converge
hosts: all
become: true
vars:
jenkins_http_port: 8081
pre_tasks:
- include_tasks: java-8.yml
roles:
- geerlingguy.java
- geerlingguy.jenkins
post_tasks:
- name: Ensure Jenkins is running on the specified port.
uri:
url: "http://127.0.0.1:{{ jenkins_http_port }}"
status_code: 200
register: result
until: result.status == 200
retries: 60
delay: 1

View File

@ -0,0 +1,27 @@
---
- name: Converge
hosts: all
become: true
vars:
jenkins_version: "1.644"
roles:
- geerlingguy.java
- geerlingguy.jenkins
post_tasks:
- name: Check installed version of Jenkins.
command: rpm -q jenkins
args:
warn: false
changed_when: false
register: jenkins_rpm_version
tags: ['skip_ansible_lint']
- name: Print installed Jenkins package information.
debug: var=jenkins_rpm_version
- name: Fail if version doesn't match what we wanted.
fail:
when: "jenkins_version not in jenkins_rpm_version.stdout"

View File

@ -0,0 +1,52 @@
---
- name: Converge
hosts: all
become: true
vars:
jenkins_plugins:
- ghprb
- greenballs
jenkins_home: /tmp/jenkins
jenkins_plugin_timeout: 120
pre_tasks:
- include_tasks: java-8.yml
roles:
- geerlingguy.java
- geerlingguy.jenkins
post_tasks:
- name: Verify JENKINS_HOME is correct.
stat:
path: "{{ jenkins_home }}/config.xml"
register: jenkins_home_config
- name: Fail if Jenkins config file doesn't exist.
fail:
when: not jenkins_home_config.stat.exists
- name: List plugins directory contents.
command: "ls {{ jenkins_home }}/plugins"
register: plugins_contents
changed_when: false
tags: ['skip_ansible_lint']
- name: Verify greenballs plugin exists.
stat:
path: "{{ jenkins_home }}/plugins/greenballs.jpi"
register: greenballs_plugin
- name: Fail if greenballs plugin file doesn't exist.
fail:
when: not greenballs_plugin.stat.exists
- name: Ensure Jenkins is running.
uri:
url: "http://127.0.0.1:8080/"
status_code: 200
register: result
until: result.status == 200
retries: 60
delay: 1

View File

@ -0,0 +1,24 @@
---
- name: Converge
hosts: all
become: true
vars:
jenkins_url_prefix: /jenkins
pre_tasks:
- include_tasks: java-8.yml
roles:
- geerlingguy.java
- geerlingguy.jenkins
post_tasks:
- name: Ensure Jenkins is running with the specified prefix.
uri:
url: "http://127.0.0.1:8080{{ jenkins_url_prefix }}"
status_code: 200
register: result
until: result.status == 200
retries: 60
delay: 1

View File

@ -0,0 +1,16 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- include_tasks: java-8.yml
roles:
- role: geerlingguy.java
- role: geerlingguy.jenkins
post_tasks:
- name: Check if Jenkins is running.
uri:
url: "http://127.0.0.1:8080/"

View File

@ -0,0 +1,2 @@
---
- src: geerlingguy.java

View File

@ -0,0 +1,6 @@
---
extends: default
rules:
line-length:
max: 150
level: warning

View File

@ -0,0 +1,66 @@
---
# Variable setup.
- name: Include OS-Specific variables
include_vars: "{{ ansible_os_family }}.yml"
- name: Define jenkins_repo_url
set_fact:
jenkins_repo_url: "{{ __jenkins_repo_url }}"
when: jenkins_repo_url is not defined
- name: Define jenkins_repo_key_url
set_fact:
jenkins_repo_key_url: "{{ __jenkins_repo_key_url }}"
when: jenkins_repo_key_url is not defined
- name: Define jenkins_pkg_url
set_fact:
jenkins_pkg_url: "{{ __jenkins_pkg_url }}"
when: jenkins_pkg_url is not defined
# Setup/install tasks.
- include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian'
# Configure Jenkins init settings.
- include_tasks: settings.yml
# Make sure Jenkins starts, then configure Jenkins.
- name: Ensure Jenkins is started and runs on startup.
service: name=jenkins state=started enabled=yes
- name: Wait for Jenkins to start up before proceeding.
command: >
curl -D - --silent --max-time 5 http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}/cli/
args:
warn: false
register: result
until: >
(result.stdout.find("403 Forbidden") != -1)
or (result.stdout.find("200 OK") != -1)
and (result.stdout.find("Please wait while") == -1)
retries: "{{ jenkins_connection_retries }}"
delay: "{{ jenkins_connection_delay }}"
changed_when: false
check_mode: false
- name: Get the jenkins-cli jarfile from the Jenkins server.
get_url:
url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}/jnlpJars/jenkins-cli.jar"
dest: "{{ jenkins_jar_location }}"
register: jarfile_get
until: "'OK' in jarfile_get.msg or '304' in jarfile_get.msg or 'file already exists' in jarfile_get.msg"
retries: 5
delay: 10
check_mode: false
- name: Remove Jenkins security init scripts after first startup.
file:
path: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy"
state: absent
# Update Jenkins and install configured plugins.
- include_tasks: plugins.yml

View File

@ -0,0 +1,61 @@
---
# jenkins_plugin module doesn't support password files.
- name: Get Jenkins admin password from file.
slurp:
src: "{{ jenkins_admin_password_file }}"
register: adminpasswordfile
no_log: true
when: jenkins_admin_password_file != ""
tags: ['skip_ansible_lint']
- name: Set Jenkins admin password fact.
set_fact:
jenkins_admin_password: "{{ adminpasswordfile['stdout'] | default(jenkins_admin_password) }}"
no_log: true
# Update Jenkins so that plugin updates don't fail.
- name: Create Jenkins updates directory.
file:
path: "{{ jenkins_home }}/updates"
state: directory
owner: jenkins
group: jenkins
- name: Download current plugin updates from Jenkins update site.
get_url:
url: "{{ jenkins_updates_url }}/update-center.json"
dest: "{{ jenkins_home }}/updates/default.json"
owner: jenkins
group: jenkins
mode: 0440
changed_when: false
register: get_result
until: get_result is success
retries: 3
delay: 2
- name: Remove first and last line from json file.
replace:
path: "{{ jenkins_home }}/updates/default.json"
regexp: "1d;$d"
- name: Install Jenkins plugins using password.
jenkins_plugin:
name: "{{ item }}"
jenkins_home: "{{ jenkins_home }}"
url_username: "{{ jenkins_admin_username }}"
url_password: "{{ jenkins_admin_password }}"
state: "{{ jenkins_plugins_state }}"
timeout: "{{ jenkins_plugin_timeout }}"
updates_expiration: "{{ jenkins_plugin_updates_expiration }}"
updates_url: "{{ jenkins_updates_url }}"
url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}"
with_dependencies: "{{ jenkins_plugins_install_dependencies }}"
with_items: "{{ jenkins_plugins }}"
when: jenkins_admin_password != ""
notify: restart jenkins
tags: ['skip_ansible_lint']
register: plugin_result
until: plugin_result is success
retries: 3
delay: 2

View File

@ -0,0 +1,69 @@
---
- name: Check if jenkins_init_file exists.
stat:
path: "{{ jenkins_init_file }}"
register: jenkins_init_file_stat
- name: Ensure jenkins_init_file exists.
file:
path: "{{ jenkins_init_file }}"
state: touch
when: not jenkins_init_file_stat.stat.exists
- name: Modify variables in init file.
lineinfile:
dest: "{{ jenkins_init_file }}"
insertafter: '^{{ item.option }}='
regexp: '^{{ item.option }}=\"\${{ item.option }} '
line: '{{ item.option }}="${{ item.option }} {{ item.value }}"'
state: present
with_items: "{{ jenkins_init_changes }}"
register: jenkins_init_prefix
- name: Set the Jenkins home directory.
lineinfile:
dest: "{{ jenkins_init_file }}"
regexp: '^JENKINS_HOME=.*'
line: 'JENKINS_HOME={{ jenkins_home }}'
register: jenkins_home_config
- name: Immediately restart Jenkins on init config changes.
service: name=jenkins state=restarted
when: jenkins_init_prefix.changed
tags: ['skip_ansible_lint']
- name: Set HTTP port in Jenkins config.
lineinfile:
backrefs: true
dest: "{{ jenkins_init_file }}"
regexp: '^{{ jenkins_http_port_param }}='
line: '{{ jenkins_http_port_param }}={{ jenkins_http_port }}'
register: jenkins_http_config
- name: Ensure jenkins_home {{ jenkins_home }} exists
file:
path: "{{ jenkins_home }}"
state: directory
owner: jenkins
group: jenkins
mode: u+rwx
follow: true
- name: Create custom init scripts directory.
file:
path: "{{ jenkins_home }}/init.groovy.d"
state: directory
owner: "{{ jenkins_process_user }}"
group: "{{ jenkins_process_group }}"
mode: 0775
- name: Trigger handlers immediately in case Jenkins was installed
meta: flush_handlers
- name: Immediately restart Jenkins on http or user changes.
service: name=jenkins state=restarted
when: >
(jenkins_users_config is defined and jenkins_users_config.changed)
or (jenkins_http_config is defined and jenkins_http_config.changed)
or (jenkins_home_config is defined and jenkins_home_config.changed)
tags: ['skip_ansible_lint']

View File

@ -0,0 +1,45 @@
---
- name: Ensure dependencies are installed.
apt:
name:
- curl
- apt-transport-https
state: present
- name: Add Jenkins apt repository key.
apt_key:
url: "{{ jenkins_repo_key_url }}"
state: present
- name: Add Jenkins apt repository.
apt_repository:
repo: "{{ jenkins_repo_url }}"
state: present
update_cache: true
when: jenkins_repo_url != ""
tags: ['skip_ansible_lint']
- name: Download specific Jenkins version.
get_url:
url: "{{ jenkins_pkg_url }}/jenkins_{{ jenkins_version }}_all.deb"
dest: "/tmp/jenkins_{{ jenkins_version }}_all.deb"
when: jenkins_version is defined
- name: Check if we downloaded a specific version of Jenkins.
stat:
path: "/tmp/jenkins_{{ jenkins_version }}_all.deb"
register: specific_version
when: jenkins_version is defined
- name: Install our specific version of Jenkins.
apt:
deb: "/tmp/jenkins_{{ jenkins_version }}_all.deb"
state: present
when: jenkins_version is defined and specific_version.stat.exists
notify: configure default users
- name: Ensure Jenkins is installed.
apt:
name: jenkins
state: "{{ jenkins_package_state }}"
notify: configure default users

View File

@ -0,0 +1,45 @@
---
- name: Ensure dependencies are installed.
package:
name:
- curl
- libselinux-python
- initscripts
state: present
- name: Ensure Jenkins repo is installed.
get_url:
url: "{{ jenkins_repo_url }}"
dest: /etc/yum.repos.d/jenkins.repo
when: jenkins_repo_url != ""
tags: ['skip_ansible_lint']
- name: Add Jenkins repo GPG key.
rpm_key:
state: present
key: "{{ jenkins_repo_key_url }}"
- name: Download specific Jenkins version.
get_url:
url: "{{ jenkins_pkg_url }}/jenkins-{{ jenkins_version }}-1.1.noarch.rpm"
dest: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm"
when: jenkins_version is defined
- name: Check if we downloaded a specific version of Jenkins.
stat:
path: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm"
register: specific_version
when: jenkins_version is defined
- name: Install our specific version of Jenkins.
package:
name: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm"
state: present
when: jenkins_version is defined and specific_version.stat.exists
notify: configure default users
- name: Ensure Jenkins is installed.
package:
name: jenkins
state: "{{ jenkins_package_state }}"
notify: configure default users

View File

@ -0,0 +1,28 @@
#!groovy
import hudson.security.*
import jenkins.model.*
def instance = Jenkins.getInstance()
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
def users = hudsonRealm.getAllUsers()
users_s = users.collect { it.toString() }
// Create the admin user account if it doesn't already exist.
if ("{{ jenkins_admin_username }}" in users_s) {
println "Admin user already exists - updating password"
def user = hudson.model.User.get('{{ jenkins_admin_username }}');
def password = hudson.security.HudsonPrivateSecurityRealm.Details.fromPlainPassword('{{ jenkins_admin_password }}')
user.addProperty(password)
user.save()
}
else {
println "--> creating local admin user"
hudsonRealm.createAccount('{{ jenkins_admin_username }}', '{{ jenkins_admin_password }}')
instance.setSecurityRealm(hudsonRealm)
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
instance.setAuthorizationStrategy(strategy)
instance.save()
}

View File

@ -0,0 +1,7 @@
---
__jenkins_repo_url: deb https://pkg.jenkins.io/debian binary/
__jenkins_repo_key_url: https://pkg.jenkins.io/debian/jenkins.io.key
__jenkins_pkg_url: https://pkg.jenkins.io/debian/binary
jenkins_init_file: /etc/default/jenkins
jenkins_http_port_param: HTTP_PORT
jenkins_java_options_env_var: JAVA_ARGS

View File

@ -0,0 +1,7 @@
---
__jenkins_repo_url: https://pkg.jenkins.io/redhat/jenkins.repo
__jenkins_repo_key_url: https://pkg.jenkins.io/redhat/jenkins.io.key
__jenkins_pkg_url: https://pkg.jenkins.io/redhat
jenkins_init_file: /etc/sysconfig/jenkins
jenkins_http_port_param: JENKINS_PORT
jenkins_java_options_env_var: JENKINS_JAVA_OPTIONS

View File

@ -34,5 +34,5 @@ server_host: localhost
server_name: ansible_hostname server_name: ansible_hostname
# The URLs of the Elasticsearch instances to use for all your queries. # The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch_hosts: # example: " 'http://localhost:9200', 'http://192.168.0.1:9200' "
- localhost elasticsearch_hosts: " 'http://localhost:9200' "

View File

@ -1,2 +1,7 @@
--- ---
# tasks file for kibana # tasks file for kibana
- name: install kibana on ubuntu
when: ansible_distribution == "Ubuntu"
include: ubuntu.yml

View File

@ -17,11 +17,11 @@
backup: true backup: true
- name: Allow 5601 though UFW - name: Allow 5601 though UFW
when: ufw_server_port == true_ when: ufw_server_port == true
become: true become: true
ufw: ufw:
rule: allow rule: allow
port: server_port port: "{{ server_port }}"
- name: systemd - daemon reload - name: systemd - daemon reload
become: true become: true

View File

@ -8,7 +8,7 @@ server.port: {{ server_port }}
# To allow connections from remote users, set this parameter to a non-loopback address. # To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "192.168.0.173" #server.host: "192.168.0.173"
server.host: {{ server_host }} server.host: "{{ server_host }}"
# Enables you to specify a path to mount Kibana at if you are running behind a proxy. # Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath # Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
@ -26,13 +26,11 @@ server.host: {{ server_host }}
#server.maxPayloadBytes: 1048576 #server.maxPayloadBytes: 1048576
# The Kibana server's name. This is used for display purposes. # The Kibana server's name. This is used for display purposes.
server.name: {{ server_name }} server.name: "{{ server_name }}"
# The URLs of the Elasticsearch instances to use for all your queries. # The URLs of the Elasticsearch instances to use for all your queries.
#elasticsearch.hosts: ["http://localhost:9200"] #elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.hosts: [ elasticsearch.hosts: [ {{ elasticsearch_hosts }} ]
{{ elasticsearch_hosts }}
]
# When this setting's value is true Kibana uses the hostname specified in the server.host # When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host # setting. When the value of this setting is false, Kibana uses the hostname of the host