First commit

2020-01-17 23:35:15 +01:00 · 2020-01-17 23:35:15 +01:00 · e54b5a5663
commit e54b5a5663
24 changed files with 3047 additions and 0 deletions
--- a/roles/jenkins-php-v1/tasks/40_configure-jenkins.yml
+++ b/roles/jenkins-php-v1/tasks/40_configure-jenkins.yml
@ -0,0 +1,85 @@
+---
+
+# Needed to write a config.xml which is not changed at each Ansible run
+- name: Get current Jenkins version
+  shell: "{{ jenkins_cli_command }} version"
+  changed_when: False
+  check_mode: no
+  register: result
+- name: Set fact about current Jenkins version
+  set_fact:
+    current_jenkins_version: "{{ result.stdout_lines[0] }}"
+
+- name: Upload main config.xml
+  template:
+    src: "{{ item }}"
+    dest: "{{ jenkins_home }}/config.xml"
+    owner: jenkins
+    group: jenkins
+    mode: 0644
+    backup: yes
+  with_first_found:
+    - "config.xml.{{ ansible_fqdn }}.j2"
+    - "config.xml.j2"
+  notify: safe-restart jenkins and wait
+
+- name: Upload JenkinsLocationConfiguration.xml
+  template:
+    src: "{{ item }}"
+    dest: "{{ jenkins_home }}/jenkins.model.JenkinsLocationConfiguration.xml"
+    owner: jenkins
+    group: jenkins
+    mode: 0644
+    backup: yes
+  with_first_found:
+    - "jenkins.model.JenkinsLocationConfiguration.xml.{{ ansible_fqdn }}.j2"
+    - "jenkins.model.JenkinsLocationConfiguration.xml.j2"
+  notify: safe-restart jenkins and wait
+
+# Generate a SSH RSA key pair if not already present
+# (we do it without the Ansible module which is only available starting 2.8)
+# (and we don't use become/become_user because it fails with a permission denied on /tmp/.ansible...)
+- name: Generate SSH RSA key pair
+  command: su -c 'ssh-keygen -q -t rsa -b 2048 -f ~/.ssh/id_rsa -N ""' - jenkins
+  args:
+    creates: "{{ jenkins_home }}/.ssh/id_rsa"
+  #become_user: jenkins  # permission denied
+  #become: yes
+  register: result
+- name: Retrieve the SSH private key
+  slurp:
+    src: "{{ jenkins_home }}/.ssh/id_rsa.pub"
+  register: tmp
+  when: result.changed
+- name: Ouput public key
+  debug:
+    msg: "Don't forget to set the public key on the Git repository and the deploy target : {{ tmp.content | b64decode | trim }}"
+  when: result.changed
+
+# Upload this new key to the Jenkins credentials plugin system
+# (the create/update/import-credential-as-xml is kinda cumbersome for our
+#  usecase. No way to export the key or get a MD5/SHA256 of it, so we just
+#  go for the credentials.xml file directly :)
+- name: Retrieve the SSH private key
+  slurp:
+    src: "{{ jenkins_home }}/.ssh/id_rsa"
+  register: tmp
+  no_log: yes
+- name: Set fact about SSH key
+  set_fact:
+    ssh_private_key: "{{ tmp.content | b64decode | trim }}"
+  no_log: yes
+- name: Upload SSH RSA key pair as credential in Jenkins
+  template:
+    src: "{{ item }}"
+    dest: "{{ jenkins_home }}/credentials.xml"
+    owner: jenkins
+    group: jenkins
+    mode: 0600
+    force: yes
+    backup: yes
+  with_first_found:
+    - "credentials.xml.{{ ansible_fqdn }}.j2"
+    - "credentials.xml.j2"
+  notify: safe-restart jenkins and wait
+  #shell: cat /tmp/tmp.xml | java -jar /var/cache/jenkins/war/WEB-INF/jenkins-cli.jar -s http://localhost:8080/  -auth admin:$( cat /var/lib/jenkins/secrets/initialAdminPassword ) create-credentials-by-xml system::system::jenkins _