aboutsummaryrefslogtreecommitdiff
path: root/roles/services/jenkins
diff options
context:
space:
mode:
Diffstat (limited to 'roles/services/jenkins')
-rw-r--r--roles/services/jenkins/handlers/main.yml13
-rw-r--r--roles/services/jenkins/tasks/main.yml184
2 files changed, 197 insertions, 0 deletions
diff --git a/roles/services/jenkins/handlers/main.yml b/roles/services/jenkins/handlers/main.yml
new file mode 100644
index 0000000..92f0084
--- /dev/null
+++ b/roles/services/jenkins/handlers/main.yml
@@ -0,0 +1,13 @@
1- name: update repos
2 apt:
3 update_cache: yes
4
5- name: restart nginx
6 service:
7 name: nginx
8 state: restarted
9
10- name: restart jenkins
11 service:
12 name: jenkins
13 state: restarted
diff --git a/roles/services/jenkins/tasks/main.yml b/roles/services/jenkins/tasks/main.yml
new file mode 100644
index 0000000..29dbb28
--- /dev/null
+++ b/roles/services/jenkins/tasks/main.yml
@@ -0,0 +1,184 @@
1- name: install extrepo
2 package:
3 name: extrepo
4 state: latest
5
6- name: add jenkins repo
7 register: result
8 changed_when: result.stdout | regex_search("skipped") | bool
9 notify: update repos
10 command:
11 cmd: extrepo enable jenkins
12 creates: /etc/apt/sources.list.d/extrepo_jenkins.sources
13
14- meta: flush_handlers
15
16- name: update jenkins repo data
17 changed_when: false
18 command:
19 cmd: extrepo update jenkins
20
21- name: install packages
22 package:
23 name: "{{ jenkins_packages }}"
24
25- name: generate ssh key for jenkins user
26 user:
27 name: jenkins
28 generate_ssh_key: yes
29
30- name: get jenkins user ssh key
31 changed_when: false
32 command: cat /var/lib/jenkins/.ssh/id_rsa.pub
33 register: pubkey
34
35- name: create jenkins user in freeipa
36 freeipa.ansible_freeipa.ipauser:
37 ipaadmin_principal:
38 ipaadmin_password: "{{ ipafulladmin_password }}"
39 name: jenkins
40 passwordexpiration: "2050-01-01"
41 first: jenkins
42 last: ci
43 sshpubkey: "{{ pubkey.stdout }}"
44
45- name: create jenkins_admin group in freeipa
46 freeipa.ansible_freeipa.ipagroup:
47 ipaadmin_password: "{{ ipafulladmin_password }}"
48 name: jenkins_admin
49
50- name: add user jenkins to jenkins_admin group in freeipa
51 freeipa.ansible_freeipa.ipagroup:
52 ipaadmin_password: "{{ ipafulladmin_password }}"
53 name: jenkins_admin
54 action: member
55 user:
56 - jenkins
57
58- name: create sudo rule to allow jenkins to execute on all without password
59 freeipa.ansible_freeipa.ipasudorule:
60 ipaadmin_password: "{{ ipafulladmin_password }}"
61 name: jenkins_rule
62 sudooption: "!authenticate"
63 group: jenkins_admin
64 hostcategory: all
65 cmdcategory: all
66 runasusercategory: all
67 runasgroupcategory: all
68
69- name: deploy nginx configuration
70 copy:
71 src: "{{ jenkins_nginx_config }}"
72 dest: /etc/nginx/sites-available/jenkins.conf
73 owner: root
74 group: root
75 mode: '0644'
76 register: nginx_config
77 notify: restart nginx
78
79- name: create cert/key dir
80 file:
81 state: directory
82 path: "/etc/letsencrypt/live/{{ services_domain }}"
83 owner: root
84 group: root
85 mode: "0755"
86
87- name: remove existing private key file
88 file:
89 path: "/etc/letsencrypt/live/{{ services_domain }}/privkey.pem"
90 state: absent
91
92- name: write private key to file
93 lineinfile:
94 path: "/etc/letsencrypt/live/{{ services_domain }}/privkey.pem"
95 line: "{{ nginx_key }}"
96 insertbefore: EOF
97 create: yes
98
99- name: deploy cert
100 copy:
101 src: "{{ nginx_cert }}"
102 dest: "/etc/letsencrypt/live/{{ services_domain }}/fullchain.pem"
103 owner: root
104 group: root
105 mode: '0644'
106
107- name: symlink site
108 file:
109 src: /etc/nginx/sites-available/jenkins.conf
110 dest: /etc/nginx/sites-enabled/jenkins.conf
111 owner: root
112 group: root
113 state: link
114
115- name: allow http (80/tcp) traffic
116 ufw:
117 rule: allow
118 port: '80'
119 proto: tcp
120
121- name: allow https (443/tcp) traffic
122 ufw:
123 rule: allow
124 port: '443'
125 proto: tcp
126
127- name: install ansible plugin
128 jenkins_plugin:
129 url_username: "{{ jenkins_username }}"
130 url_password: "{{ jenkins_apikey }}"
131 url: "{{ jenkins_url }}"
132 name: ansible
133
134- name: install gitea plugin
135 jenkins_plugin:
136 url_username: "{{ jenkins_username }}"
137 url_password: "{{ jenkins_apikey }}"
138 url: "{{ jenkins_url }}"
139 name: gitea
140
141- name: install openid login plugin
142 jenkins_plugin:
143 url_username: "{{ jenkins_username }}"
144 url_password: "{{ jenkins_apikey }}"
145 url: "{{ jenkins_url }}"
146 name: oic-auth
147
148- name: install prometheus plugin
149 jenkins_plugin:
150 url_username: "{{ jenkins_username }}"
151 url_password: "{{ jenkins_apikey }}"
152 url: "{{ jenkins_url }}"
153 name: prometheus
154
155- name: install casc plugin
156 jenkins_plugin:
157 url_username: "{{ jenkins_username }}"
158 url_password: "{{ jenkins_apikey }}"
159 url: "{{ jenkins_url }}"
160 name: configuration-as-code
161
162- name: install warnings-ng plugin
163 jenkins_plugin:
164 url_username: "{{ jenkins_username }}"
165 url_password: "{{ jenkins_apikey }}"
166 url: "{{ jenkins_url }}"
167 name: warnings-ng
168
169- name: deploy configuration as code file
170 register: casc_file
171 notify: restart jenkins
172 template:
173 src: "{{ jenkins_config }}"
174 dest: "/var/lib/jenkins/jenkins.yaml"
175 owner: jenkins
176 group: jenkins
177 mode: "0644"
178
179- name: enable jenkins
180 systemd:
181 daemon_reload: yes
182 enabled: yes
183 masked: no
184 name: jenkins