ansible-jenkins-php-v1/roles/jenkins-php-v1/tasks/40_configure-jenkins.yml

---

# Needed to write a config.xml which is not changed at each Ansible run
- name: Get current Jenkins version
  shell: "{{ jenkins_cli_command }} version"
  changed_when: False
  check_mode: no
  register: result
- name: Set fact about current Jenkins version
  set_fact:
    current_jenkins_version: "{{ result.stdout_lines[0] }}"

- name: Upload main config.xml
  template:
    src: "{{ item }}"
    dest: "{{ jenkins_home }}/config.xml"
    owner: jenkins
    group: jenkins
    mode: 0644
    backup: yes
  with_first_found:
    - "config.xml.{{ ansible_fqdn }}.j2"
    - "config.xml.j2"
  notify: safe-restart jenkins and wait

- name: Upload JenkinsLocationConfiguration.xml
  template:
    src: "{{ item }}"
    dest: "{{ jenkins_home }}/jenkins.model.JenkinsLocationConfiguration.xml"
    owner: jenkins
    group: jenkins
    mode: 0644
    backup: yes
  with_first_found:
    - "jenkins.model.JenkinsLocationConfiguration.xml.{{ ansible_fqdn }}.j2"
    - "jenkins.model.JenkinsLocationConfiguration.xml.j2"
  notify: safe-restart jenkins and wait

- name: Upload ResourceDomainConfiguration.xml
  template:
    src: "{{ item }}"
    dest: "{{ jenkins_home }}/jenkins.security.ResourceDomainConfiguration.xml"
    owner: jenkins
    group: jenkins
    mode: 0644
    backup: yes
  with_first_found:
    - "jenkins.security.ResourceDomainConfiguration.xml.{{ ansible_fqdn }}.j2"
    - "jenkins.security.ResourceDomainConfiguration.xml.j2"
  notify: safe-restart jenkins and wait

# Generate a SSH RSA key pair if not already present
# (we do it without the Ansible module which is only available starting 2.8)
# (and we don't use become/become_user because it fails with a permission denied on /tmp/.ansible...)
- name: Generate SSH RSA key pair
  command: su -c 'ssh-keygen -q -t rsa -b 2048 -f ~/.ssh/id_rsa -N ""' - jenkins
  args:
    creates: "{{ jenkins_home }}/.ssh/id_rsa"
  #become_user: jenkins  # permission denied
  #become: yes
  register: result
- name: Retrieve the SSH public key
  slurp:
    src: "{{ jenkins_home }}/.ssh/id_rsa.pub"
  register: jenkins_ssh_public_key

# Upload this new key to the Jenkins credentials plugin system
# (the create/update/import-credential-as-xml is kinda cumbersome for our
#  usecase. No way to export the key or get a MD5/SHA256 of it, so we just
#  go for the credentials.xml file directly :)
- name: Retrieve the SSH private key
  slurp:
    src: "{{ jenkins_home }}/.ssh/id_rsa"
  register: tmp
  no_log: yes
- name: Set fact about SSH key
  set_fact:
    ssh_private_key: "{{ tmp.content | b64decode | trim }}"
  no_log: yes
- name: Upload SSH RSA key pair as credential in Jenkins
  template:
    src: "{{ item }}"
    dest: "{{ jenkins_home }}/credentials.xml"
    owner: jenkins
    group: jenkins
    mode: 0600
    force: yes
    backup: yes
  with_first_found:
    - "credentials.xml.{{ ansible_fqdn }}.j2"
    - "credentials.xml.j2"
  notify: safe-restart jenkins and wait
  #shell: cat /tmp/tmp.xml | java -jar /var/cache/jenkins/war/WEB-INF/jenkins-cli.jar -s http://localhost:8080/  -auth admin:$( cat /var/lib/jenkins/secrets/initialAdminPassword ) create-credentials-by-xml system::system::jenkins _
First commit 2020-01-17 23:35:15 +01:00			`---`

			`# Needed to write a config.xml which is not changed at each Ansible run`
			`- name: Get current Jenkins version`
			`shell: "{{ jenkins_cli_command }} version"`
			`changed_when: False`
			`check_mode: no`
			`register: result`
			`- name: Set fact about current Jenkins version`
			`set_fact:`
			`current_jenkins_version: "{{ result.stdout_lines[0] }}"`

			`- name: Upload main config.xml`
			`template:`
			`src: "{{ item }}"`
			`dest: "{{ jenkins_home }}/config.xml"`
			`owner: jenkins`
			`group: jenkins`
			`mode: 0644`
			`backup: yes`
			`with_first_found:`
			`- "config.xml.{{ ansible_fqdn }}.j2"`
			`- "config.xml.j2"`
			`notify: safe-restart jenkins and wait`

			`- name: Upload JenkinsLocationConfiguration.xml`
			`template:`
			`src: "{{ item }}"`
			`dest: "{{ jenkins_home }}/jenkins.model.JenkinsLocationConfiguration.xml"`
			`owner: jenkins`
			`group: jenkins`
			`mode: 0644`
			`backup: yes`
			`with_first_found:`
			`- "jenkins.model.JenkinsLocationConfiguration.xml.{{ ansible_fqdn }}.j2"`
			`- "jenkins.model.JenkinsLocationConfiguration.xml.j2"`
			`notify: safe-restart jenkins and wait`

First functional nginx version 2020-01-18 01:04:37 +01:00			`- name: Upload ResourceDomainConfiguration.xml`
			`template:`
			`src: "{{ item }}"`
			`dest: "{{ jenkins_home }}/jenkins.security.ResourceDomainConfiguration.xml"`
			`owner: jenkins`
			`group: jenkins`
			`mode: 0644`
			`backup: yes`
			`with_first_found:`
			`- "jenkins.security.ResourceDomainConfiguration.xml.{{ ansible_fqdn }}.j2"`
			`- "jenkins.security.ResourceDomainConfiguration.xml.j2"`
			`notify: safe-restart jenkins and wait`

First commit 2020-01-17 23:35:15 +01:00			`# Generate a SSH RSA key pair if not already present`
			`# (we do it without the Ansible module which is only available starting 2.8)`
			`# (and we don't use become/become_user because it fails with a permission denied on /tmp/.ansible...)`
			`- name: Generate SSH RSA key pair`
			`command: su -c 'ssh-keygen -q -t rsa -b 2048 -f ~/.ssh/id_rsa -N ""' - jenkins`
			`args:`
			`creates: "{{ jenkins_home }}/.ssh/id_rsa"`
			`#become_user: jenkins # permission denied`
			`#become: yes`
			`register: result`
Add a conclusion/todo-list + more generic on the gitea username + several corrections 2020-01-18 23:48:17 +01:00			`- name: Retrieve the SSH public key`
First commit 2020-01-17 23:35:15 +01:00			`slurp:`
			`src: "{{ jenkins_home }}/.ssh/id_rsa.pub"`
Add a conclusion/todo-list + more generic on the gitea username + several corrections 2020-01-18 23:48:17 +01:00			`register: jenkins_ssh_public_key`
First commit 2020-01-17 23:35:15 +01:00
			`# Upload this new key to the Jenkins credentials plugin system`
			`# (the create/update/import-credential-as-xml is kinda cumbersome for our`
			`# usecase. No way to export the key or get a MD5/SHA256 of it, so we just`
			`# go for the credentials.xml file directly :)`
			`- name: Retrieve the SSH private key`
			`slurp:`
			`src: "{{ jenkins_home }}/.ssh/id_rsa"`
			`register: tmp`
			`no_log: yes`
			`- name: Set fact about SSH key`
			`set_fact:`
			`ssh_private_key: "{{ tmp.content \| b64decode \| trim }}"`
			`no_log: yes`
			`- name: Upload SSH RSA key pair as credential in Jenkins`
			`template:`
			`src: "{{ item }}"`
			`dest: "{{ jenkins_home }}/credentials.xml"`
			`owner: jenkins`
			`group: jenkins`
			`mode: 0600`
			`force: yes`
			`backup: yes`
			`with_first_found:`
			`- "credentials.xml.{{ ansible_fqdn }}.j2"`
			`- "credentials.xml.j2"`
			`notify: safe-restart jenkins and wait`
			`#shell: cat /tmp/tmp.xml \| java -jar /var/cache/jenkins/war/WEB-INF/jenkins-cli.jar -s http://localhost:8080/ -auth admin:$( cat /var/lib/jenkins/secrets/initialAdminPassword ) create-credentials-by-xml system::system::jenkins _`