Fix jenkins common role

* Add logging for jenkins app, with logrotate * Fix the user:group of installed files * Specify the uid:gid for the new jenkins user so it will match those on the attached data volume * Configure jenkins.war expansion into /var/cache * Add Splunkforwarder installation and configuration

Fix jenkins common role
* Add logging for jenkins app, with logrotate * Fix the user:group of installed files * Specify the uid:gid for the new jenkins user so it will match those on the attached data volume * Configure jenkins.war expansion into /var/cache * Add Splunkforwarder installation and configuration
9dcb90bd · Jesse Zoldak · 5988d89d · 9dcb90bd · 9dcb90bd · 9dcb90bd
Commit 9dcb90bd authored Oct 03, 2017 by Jesse Zoldak
4 changed files
--- a/playbooks/roles/jenkins_common/defaults/main.yml
+++ b/playbooks/roles/jenkins_common/defaults/main.yml
 jenkins_common_user: jenkins
-jenkins_common_group: edx
+jenkins_common_user_uid: 1002
+jenkins_common_group: jenkins
+jenkins_common_group_gid: 1004
 jenkins_common_home: /var/lib/jenkins
-jenkins_common_config_path: /init-configs
+jenkins_common_config_path: /var/lib/jenkins/init-configs
 jenkins_common_port: 8080
 jenkins_common_version: jenkins_1.651.3
 jenkins_common_war_source: https://s3.amazonaws.com/edx-testeng-tools/jenkins
@@ -21,7 +23,7 @@ jenkins_common_debian_pkgs:
 jenkins_common_configuration_git_url: https://github.com/edx/jenkins-configuration.git
 jenkins_common_jenkins_configuration_branch: master
 jenkins_common_configuration_src_path: src/main/groovy
-jenkins_common_git_home: /git
+jenkins_common_git_home: /var/lib/jenkins/git
 jenkins_common_configuration_scripts: []
 jenkins_common_non_plugin_template_files:

--- a/playbooks/roles/jenkins_common/tasks/main.yml
+++ b/playbooks/roles/jenkins_common/tasks/main.yml
@@ -13,6 +13,7 @@
 - name: Create jenkins group
  group:
    name: '{{ jenkins_common_group }}'
+    gid: '{{ jenkins_common_group_gid }}'
    state: present
  tags:
    - install
@@ -21,7 +22,7 @@
 - name: Add the jenkins user to the group
  user:
    name: '{{ jenkins_common_user }}'
-    append: yes
+    uid: '{{ jenkins_common_user_uid }}'
    groups: '{{ jenkins_common_group }}'
  tags:
    - install
@@ -32,6 +33,7 @@
    path: '{{ item }}'
    state: directory
    owner: '{{ jenkins_common_user }}'
+    group: '{{ jenkins_common_group }}'
  with_items:
    - /usr/share/jenkins
    - '{{ jenkins_common_home }}/init.groovy.d'
@@ -39,6 +41,8 @@
    - '{{ jenkins_common_home }}/utils'
    - '{{ jenkins_common_home }}/plugins'
    - '{{ jenkins_common_git_home }}'
+    - /var/log/jenkins
+    - /var/cache/jenkins
  tags:
    - install
    - install:base
@@ -47,6 +51,8 @@
  get_url:
    url: '{{ jenkins_common_war_source }}/{{ jenkins_common_version }}.war'
    dest: /usr/share/jenkins/jenkins.war
+    owner: '{{ jenkins_common_user }}'
+    group: '{{ jenkins_common_group }}'
    force: yes
  tags:
    - install
@@ -60,6 +66,14 @@
    - install
    - install:system-requirements
+- name: Configure logrotate for jenkins application log
+  template:
+    src:  "etc/logrotate.d/jenkins_log.j2"
+    dest: "/etc/logrotate.d/jenkins"
+  tags:
+    - install
+    - install:system-requirements
 - name: Add env vars
  template:
    src: "jenkins-env.sh.j2"
@@ -76,6 +90,8 @@
      repo: '{{ jenkins_common_configuration_git_url }}'
      dest: '{{ jenkins_common_git_home }}/jenkins-configuration'
      version: '{{ jenkins_common_jenkins_configuration_branch }}'
+  become: true
+  become_user: '{{ jenkins_common_user }}'
  tags:
    - install
    - install:base
@@ -88,6 +104,8 @@
  environment:
    UTILS_PATH: '{{ jenkins_common_home }}/utils'
    JENKINS_VERSION: '{{ jenkins_common_version }}'
+  become: true
+  become_user: '{{ jenkins_common_user }}'
  tags:
    - install
    - install:base
@@ -96,6 +114,8 @@
 - name: Copy init scripts into init.groovy.d
  command: 'cp {{ jenkins_common_git_home }}/jenkins-configuration/{{ jenkins_common_configuration_src_path }}/{{ item }} {{ jenkins_common_home }}/init.groovy.d/'
  with_items: '{{ jenkins_common_configuration_scripts }}'
+  become: true
+  become_user: '{{ jenkins_common_user }}'
  tags:
    - install
    - install:base
@@ -106,6 +126,7 @@
    path: '{{ item }}'
    state: directory
    owner: '{{ jenkins_common_user }}'
+    group: '{{ jenkins_common_group }}'
  with_items:
    - '{{ jenkins_common_config_path }}/credentials'
    - '{{ jenkins_common_config_path }}/ec2'
@@ -118,6 +139,8 @@
  template:
    src: '{{ role_path }}/templates/config/{{ item }}.yml.j2'
    dest: '{{ jenkins_common_config_path }}/{{ item }}.yml'
+    owner: '{{ jenkins_common_user }}'
+    group: '{{ jenkins_common_group }}'
  with_items: '{{ jenkins_common_non_plugin_template_files }}'
  tags:
    - install
@@ -128,6 +151,8 @@
  template:
    src: '{{ role_path }}/templates/config/plugins.yml.j2'
    dest: '{{jenkins_common_config_path }}/plugins.yml'
+    owner: '{{ jenkins_common_user }}'
+    group: '{{ jenkins_common_group }}'
  tags:
    - install
    - install:base
@@ -135,7 +160,11 @@
    - install:jenkins-configuration
 - name: Copy ec2 config files
-  template: src={{ item }} dest='{{ jenkins_common_config_path }}/ec2/'
+  template:
+    src: '{{ item }}'
+    dest: '{{ jenkins_common_config_path }}/ec2/'
+    owner: '{{ jenkins_common_user }}'
+    group: '{{ jenkins_common_group }}'
  with_fileglob:
    - '{{ role_path }}/files/ec2/*'
  tags:
@@ -144,7 +173,11 @@
    - install:jenkins-configuration
 - name: Copy xml config files
-  template: src={{ item }} dest='{{ jenkins_common_config_path }}/xml/'
+  template:
+    src: '{{ item }}'
+    dest: '{{ jenkins_common_config_path }}/xml/'
+    owner: '{{ jenkins_common_user }}'
+    group: '{{ jenkins_common_group }}'
  with_fileglob:
    - '{{ role_path }}/files/xml/*'
  tags:
@@ -159,6 +192,8 @@
  environment:
    PLUGIN_OUTPUT_DIR: '{{ jenkins_common_home }}/plugins'
    PLUGIN_CONFIG: '{{ jenkins_common_config_path }}/plugins.yml'
+  become: true
+  become_user: '{{ jenkins_common_user }}'
  tags:
    - install
    - install:base
@@ -180,6 +215,8 @@
  copy:
    content: "{{ item.content }}"
    dest: '{{ jenkins_common_config_path }}/credentials/{{ item.name }}'
+    owner: '{{ jenkins_common_user }}'
+    group: '{{ jenkins_common_group }}'
  with_items: '{{ JENKINS_CUSTOM_SSH_LIST }}'
  no_log: yes
  tags:
@@ -191,6 +228,8 @@
  copy:
    content: '{{ JENKINS_EC2_PRIVATE_KEY }}'
    dest: '{{ jenkins_common_config_path }}/ec2/id_rsa'
+    owner: '{{ jenkins_common_user }}'
+    group: '{{ jenkins_common_group }}'
  no_log: yes
  tags:
    - install

--- a/playbooks/roles/jenkins_common/templates/etc/logrotate.d/jenkins_log.j2
+++ b/playbooks/roles/jenkins_common/templates/etc/logrotate.d/jenkins_log.j2
+# Put in place by ansible
+/var/log/jenkins/*jenkins.log {
+  weekly
+  copytruncate
+  missingok
+  rotate 52
+  compress
+  delaycompress
+  notifempty
+}
--- a/playbooks/roles/jenkins_common/templates/etc/systemd/system/jenkins.service.j2
+++ b/playbooks/roles/jenkins_common/templates/etc/systemd/system/jenkins.service.j2
@@ -2,9 +2,20 @@
 Description=Jenkins
 [Service]
-Environment=JENKINS_HOME={{ jenkins_common_home }}
+Type=forking
-Environment=JENKINS_CONFIG_PATH={{ jenkins_common_config_path }}
+Environment="JENKINS_HOME={{ jenkins_common_home }}"
-ExecStart=/usr/bin/java {{ jenkins_common_jvm_args }} -jar /usr/share/jenkins/jenkins.war --httpPort={{ jenkins_common_port }}
+Environment="JENKINS_CONFIG_PATH={{ jenkins_common_config_path }}"
+PassEnvironment=JENKINS_HOME JENKINS_CONFIG_PATH
+User=jenkins
+Group=jenkins
+ExecStart=/usr/bin/java \
+  {{ jenkins_common_jvm_args }} \
+  -jar /usr/share/jenkins/jenkins.war \
+  --daemon \
+  --logfile=/var/log/jenkins/jenkins.log \
+  --webroot=/var/cache/jenkins \
+  --httpPort={{ jenkins_common_port }} \
+  --ajp13Port=-1
 [Install]
 WantedBy=multi-user.target