set up play for a basic jenkins installation behind nginx

playbooks/edx-east/jenkins_spigot.yml

+# Configure a Jenkins master instance for testeng
+# This has the Jenkins Java app, but none of the requirements
+# to run the tests.
+
+- name: Configure instance(s)
+  hosts: jenkins_worker
+  become: True
+  gather_facts: True
+  vars:
+    COMMON_DATA_DIR: "/mnt2"
+    COMMON_SECURITY_UPDATES: yes
+    SECURITY_UPGRADE_ON_ANSIBLE: true
+    jenkins_jvm_args: "-Djava.awt.headless=true -Xmx8192m -XX:MaxPermSize=512m"
+
+  roles:
+    - aws
+    - jenkins_spigot

playbooks/roles/jenkins_spigot/defaults/main.yml

+jenkins_home: "{{ COMMON_DATA_DIR }}/jenkins"
+jenkins_user: "jenkins"
+jenkins_group: "edx"
+jenkins_server_name: "spigot.testeng.edx.org"
+jenkins_port: 8080
+jenkins_nginx_port: 80
+jenkins_protocol_https: true
+
+jenkins_version: "1.638"
+jenkins_deb_url: "http://pkg.jenkins-ci.org/debian/binary/jenkins_{{ jenkins_version }}_all.deb"
+jenkins_deb: "jenkins_{{ jenkins_version }}_all.deb"
+# Jenkins jvm args are set when starting the Jenkins service, e.g., "-Xmx1024m"
+jenkins_jvm_args: ""
+
+jenkins_debian_pkgs:
+    - nginx
+    - git
+    - maven
+    - daemon
+    - python-pycurl
+    - psmisc
+
+# Extra packages need for a specific jenkins instance.
+JENKINS_EXTRA_PKGS: []

playbooks/roles/jenkins_spigot/handlers/main.yml

+---
+- name: restart Jenkins
+  service:
+    name: jenkins
+    state: restarted
+  tags:
+    - manage
+    - manage:start  
+
+- name: start nginx
+  service:
+    name: nginx
+    state: started
+  tags:
+    - manage
+    - manage:start
+
+- name: reload nginx
+  service:
+    name: nginx
+    state: reloaded
+  tags:
+    - manage
+    - manage:start

playbooks/roles/jenkins_spigot/meta/main.yml

+---
+dependencies:
+  - common
+  - role: oraclejdk
+    tags: java
+    oraclejdk_version: "7u51"
+    oraclejdk_base: "jdk1.7.0_51"
+    oraclejdk_build: "b13"
+    oraclejdk_link: "/usr/lib/jvm/java-7-oracle"

playbooks/roles/jenkins_spigot/tasks/main.yml

+---
+- name: Install jenkins specific system packages
+  apt:
+    name: "{{ item }}"
+    state: present
+    update_cache: yes
+  with_items: "{{ jenkins_debian_pkgs }}"
+  tags:
+    - jenkins
+    - install
+    - install:system-requirements
+
+- name: Install jenkins extra system packages
+  apt:
+    name: "{{ item }}"
+    state: present
+    update_cache: yes
+  with_items: "{{ JENKINS_EXTRA_PKGS }}"
+  tags:
+    - jenkins
+    - install
+    - install:system-requirements
+
+- name: Create jenkins group
+  group:
+    name: "{{ jenkins_group }}"
+    state: present
+  tags:
+    - install
+    - install:system-requirements
+
+- name: Add the jenkins user to the group
+  user:
+    name: "{{ jenkins_user }}"
+    append: yes
+    groups: "{{ jenkins_group }}"
+  tags:
+     - install                      
+     - install:system-requirements
+
+# Should be resolved in the next release, but until then we need to do this
+# https://issues.jenkins-ci.org/browse/JENKINS-20407
+- name: Workaround for JENKINS-20407
+  file:
+    path: "/var/run/jenkins"
+    state: directory
+    owner: "{{ jenkins_user }}"
+    group: "{{ jenkins_group }}"
+  tags:
+    - install
+    - install:system-requirements
+
+# TODO in Ansible 2.1 we can do apt: deb="{{ jenkins_deb_url }}"
+- name: download Jenkins package
+  get_url: url="{{ jenkins_deb_url }}" dest="/tmp/{{ jenkins_deb }}"
+  tags:
+    - install
+    - install:app-requirements
+
+- name: install Jenkins package
+  apt:
+    deb: "/tmp/{{ jenkins_deb }}"
+  tags:
+    - install
+    - install:app-requirements
+
+- name: Stop Jenkins
+  service:
+    name: jenkins
+    state: stopped
+  tags:
+    - manage
+    - manage:stop
+
+- name: Set jvm args
+  lineinfile:
+    backup: yes
+    dest: /etc/default/jenkins
+    regexp: '^JAVA_ARGS='
+    line: 'JAVA_ARGS="{{ jenkins_jvm_args }}"'
+  tags:
+    - java
+    - jenkins
+    - install
+    - install:app-configuration
+
+- name: Set jenkins home
+  lineinfile:
+    backup: yes
+    dest: /etc/default/jenkins
+    regexp: '^JENKINS_HOME='
+    line: 'JENKINS_HOME="{{ jenkins_home }}"'
+  tags:
+    - java
+    - jenkins
+    - install
+    - install:app-configuration
+
+# Move /var/lib/jenkins to Jenkins home (on the EBS)
+- name: Move /var/lib/jenkins
+  command: "mv /var/lib/jenkins {{ jenkins_home }}"
+  args:
+    creates: "{{ jenkins_home }}"
+  tags:
+    - install
+    - install:base
+
+- name: Set owner for Jenkins home
+  file:
+    path: "{{ jenkins_home }}"
+    recurse: yes
+    state: directory
+    owner: "{{ jenkins_user }}"
+    group: "{{ jenkins_group }}"
+  tags:
+    - install
+    - install:app-requirements  
+
+# Symlink /var/lib/jenkins to {{ COMMON_DATA_DIR }}/jenkins
+# since Jenkins will expect its files to be in /var/lib/jenkins
+- name: Symlink /var/lib/jenkins
+  file:
+    src: "{{ jenkins_home }}"
+    dest: /var/lib/jenkins
+    state: link
+    owner: "{{ jenkins_user }}"
+    group: "{{ jenkins_group }}"
+  tags:
+    - install
+    - install:base
+
+# Using this instead of the user module because the user module
+# fails if the directory exists.
+- name: Set home directory for jenkins user
+  shell: "usermod -d {{ jenkins_home }} {{ jenkins_user }}"
+  tags:
+    - install
+    - install:base
+
+# Plugins that are bundled with Jenkins are "pinned".
+# Jenkins will overwrite updated plugins with its built-in version
+# unless we create a ".pinned" file for the plugin.
+# See https://issues.jenkins-ci.org/browse/JENKINS-13129
+- name: Create plugin pin files
+  command: "touch {{ jenkins_home }}/plugins/{{ item }}.jpi.pinned"
+  args:
+    creates: "{{ jenkins_home }}/plugins/{{ item }}.jpi.pinned"
+  with_items: "{{ jenkins_bundled_plugins }}"
+  tags:
+    - install
+    - install:base
+
+- name: Setup nginix vhost
+  template:
+    src: "etc/nginx/sites-available/jenkins.j2"
+    dest: "/etc/nginx/sites-available/jenkins"
+  tags:
+    - install
+    - install:vhosts
+
+- name: Enable jenkins vhost
+  file:
+    src: "/etc/nginx/sites-available/jenkins"
+    dest: "/etc/nginx/sites-enabled/jenkins"
+    state: link
+  tags:
+    - install
+    - install:vhosts
+
+- name: restart Jenkinks
+  service:
+    name: jenkins
+    state: restarted
+  tags:
+    - manage
+    - manage:start  

playbooks/roles/jenkins_spigot/templates/etc/nginx/sites-available/jenkins.j2

+server {
+  listen {{ jenkins_nginx_port }};
+  server_name {{ jenkins_server_name }};
+
+  location / {
+    proxy_pass              http://localhost:{{ jenkins_port }};
+
+    {% if jenkins_protocol_https %}
+    # Rewrite HTTPS requests from WAN to HTTP requests on LAN
+    proxy_redirect http:// https://;
+    {% endif %}
+
+    # The following settings from https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
+    sendfile off;
+
+    proxy_set_header        Host $http_host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_connect_timeout   150;
+    proxy_send_timeout      100;
+    proxy_read_timeout      100;
+    proxy_buffers           4 32k;
+    client_max_body_size    16m;
+    client_body_buffer_size 128k;
+
+  }
+}

util/packer/jenkins_spigot.json

+{
+  "variables": {
+    "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
+    "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
+    "playbook_remote_dir": "/tmp/packer-edx-playbooks",
+    "venv_dir": "/edx/app/edx_ansible/venvs/edx_ansible",
+    "ami": "{{env `JENKINS_WORKER_AMI`}}",
+    "test_platform_version": "{{env `TEST_PLATFORM_VERSION`}}",
+    "delete_or_keep": "{{env `DELETE_OR_KEEP_AMI`}}",
+    "remote_branch": "{{env `REMOTE_BRANCH`}}"
+  },
+  "builders": [{
+    "type": "amazon-ebs",
+    "access_key": "{{user `aws_access_key`}}",
+    "secret_key": "{{user `aws_secret_key`}}",
+    "ami_name": "jenkins_worker-{{isotime | clean_ami_name}}",
+    "instance_type": "m3.large",
+    "region": "us-east-1",
+    "source_ami": "{{user `ami`}}",
+    "ssh_username": "ubuntu",
+    "ami_description": "jenkins worker",
+    "iam_instance_profile": "jenkins-worker",
+    "security_group_id": "sg-75af5e18",
+    "tags": {
+        "delete_or_keep": "{{user `delete_or_keep`}}"
+    }
+  }],
+  "provisioners": [{
+    "type": "shell",
+    "inline": ["rm -rf {{user `playbook_remote_dir`}}",
+      "mkdir {{user `playbook_remote_dir`}}"]
+  }, {
+    "type": "file",
+    "source": "stop-automatic-updates.sh",
+    "destination": "{{user `playbook_remote_dir`}}/stop-automatic-updates.sh"
+  }, {
+    "type": "file",
+    "source": "../../util/install/ansible-bootstrap.sh",
+    "destination": "{{user `playbook_remote_dir`}}/ansible-bootstrap.sh"
+  }, {
+    "type": "shell",
+    "inline": ["cd {{user `playbook_remote_dir`}}",
+      "export CONFIGURATION_VERSION='{{user `remote_branch`}}'",
+      "sudo bash ./stop-automatic-updates.sh",
+      "sudo bash ./ansible-bootstrap.sh" ]
+  }, {
+    "type": "ansible-local",
+    "playbook_file": "../../playbooks/edx-east/jenkins_spigot.yml",
+    "playbook_dir": "../../playbooks",
+    "command": ". {{user `venv_dir`}}/bin/activate && ansible-playbook",
+    "inventory_groups": "jenkins_worker",
+    "extra_arguments": [
+      "-vvv"
+    ]
+  }]
+}