--- # # edX Configuration # # github: https://github.com/edx/configuration # wiki: https://github.com/edx/configuration/wiki # code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions # license: https://github.com/edx/configuration/blob/master/LICENSE.TXT # # # # Tasks for role jenkins_admin # # Overview: # # # Dependencies: # # # Example play: # # - fail: "JENKINS_ADMIN_S3_PROFILE is not defined." when: JENKINS_ADMIN_S3_PROFILE is not defined - fail: "JENKINS_ADMIN_S3_PROFILE.name is not defined." when: JENKINS_ADMIN_S3_PROFILE.name is not defined - fail: "JENKINS_ADMIN_S3_PROFILE.access_key is not defined." when: JENKINS_ADMIN_S3_PROFILE.access_key is not defined - fail: "JENKINS_ADMIN_S3_PROFILE.secret_key is not defined." when: JENKINS_ADMIN_S3_PROFILE.secret_key is not defined - fail: "JENKINS_ADMIN_CONFIGURATION_REPO is not defined." when: JENKINS_ADMIN_CONFIGURATION_REPO is not defined - fail: "JENKINS_ADMIN_CONFIGURATION_SECURE_REPO is not defined." when: JENKINS_ADMIN_CONFIGURATION_SECURE_REPO is not defined - fail: "JENKINS_ADMIN_GIT_KEY is not defined." when: JENKINS_ADMIN_GIT_KEY is not defined - fail: "JENKINS_ADMIN_EC2_KEY is not defined." when: JENKINS_ADMIN_EC2_KEY is not defined # We first download the plugins to a temp directory and include # the version in the file name. That way, if we increment # the version, the plugin will be updated in Jenkins - name: download Jenkins plugins get_url: url=http://updates.jenkins-ci.org/download/plugins/{{ item.name }}/{{ item.version }}/{{ item.name }}.hpi dest=/tmp/{{ item.name }}_{{ item.version }} with_items: jenkins_admin_plugins - name: install Jenkins plugins command: cp /tmp/{{ item.name }}_{{ item.version }} {{ jenkins_home }}/plugins/{{ item.name }}.hpi with_items: jenkins_admin_plugins - name: set Jenkins plugin permissions file: path={{ jenkins_home }}/plugins/{{ item.name }}.hpi owner={{ jenkins_user }} group={{ jenkins_group }} mode=700 with_items: jenkins_admin_plugins notify: - restart Jenkins - name: configure s3 plugin template: > src="./{{ jenkins_home }}/hudson.plugins.s3.S3BucketPublisher.xml.j2" dest="{{ jenkins_home }}/hudson.plugins.s3.S3BucketPublisher.xml" owner={{ jenkins_user }} group={{ jenkins_group }} mode=0644 - name: create the ssh directory file: > path={{ jenkins_home }}/.ssh owner={{ jenkins_user }} group={{ jenkins_group }} mode=0700 state=directory # Need to add Github to known_hosts to avoid # being prompted when using git through ssh - name: Add github.com to known_hosts if it does not exist shell: > ssh-keygen -f {{ jenkins_home }}/.ssh/known_hosts -H -F github.com | grep -q found || ssh-keyscan -H github.com > {{ jenkins_home }}/.ssh/known_hosts - name: drop the secure credentials copy: > content="{{ JENKINS_ADMIN_GIT_KEY }}" dest={{ jenkins_home }}/.ssh/id_rsa owner={{ jenkins_user }} group={{ jenkins_group }} mode=0600 - name: create job directory file: > path="{{ jenkins_home }}/jobs" owner="{{ jenkins_user }}" group="{{ jenkins_group }}" mode=0755 state=directory - name: create admin job directories file: > path="{{ jenkins_home }}/jobs/{{ item }}" owner={{ jenkins_user }} group={{ jenkins_group }} mode=0755 state=directory with_items: jenkins_admin_jobs - name: create admin job config files template: > src="./{{ jenkins_home }}/jobs/{{ item }}/config.xml.j2" dest="{{ jenkins_home }}/jobs/{{ item }}/config.xml" owner={{ jenkins_user }} group={{ jenkins_group }} mode=0644 with_items: jenkins_admin_jobs - name: install system packages for edxapp virtualenvs apt: pkg={{ item }} state=present with_items: jenkins_admin_debian_pkgs # This is necessary so that ansible can run with # sudo set to True (as the jenkins user) on jenkins - name: grant sudo access to the jenkins user copy: > content="{{ jenkins_user }} ALL=({{ jenkins_user }}) NOPASSWD:ALL" dest=/etc/sudoers.d/99-jenkins owner=root group=root mode=0440 validate='visudo -cf %s' - name: install global gem dependencies gem: name={{ item.name }} state=present version={{ item.version }} with_items: jenkins_admin_gem_pkgs