**Important: this playbook is quick and dirty and a work in progress. Carefully review it before using it.**

This Ansible playbook sets up a Jenkins CI host linked to Gitea repositories. It will:

- install Jenkins from pkg.jenkins.io
- install the default JDK
- install the Jenkins plugins required for the jenkins-php.org templates
- create a Jenkins user `gitea` with restricted access, just to launch a job
- create the specified jobs
- install NginX and set up 2 vhosts as recommended in https://wiki.jenkins.io/display/JENKINS/Configuring+Content+Security+Policy

Most of the configuration should be available in the inventory.

It is usually launched like this: `ansible-playbook site.yml`

## Prerequisite

Hosts should be accessible via SSH as the root user (else, add the usual `remote_user`/`become` instructions in ansible.cfg) and with the Python prerequisite of Ansible (usually

Only tested on Debian 10 amd64 so far, with Ansible 2.7.7.

Note: to test or to limit to one particular host:

```
ansible foo.bar.com -m ping
ansible-playbook -l foo.bar.com -C -D site.yml
```

## Directory layout

We follow (more or less) the recommendations of https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html with:

- `site.yml`: *master playbook*
- `ansible.cfg` and `inventory`: the first one sets up some default configuration and points to the second one, the inventory.
- `roles/common/`, `roles/fooapp/`: the roles with their tree `tasks/main.yml`, `files/`, `handlers/main.yml`, ...
- `group_vars/group1.yml` and `host_vars/hostname1.yml`: variables dedicated to a group or a host respectively.

Note: contrary to some recommendations, I prefer to set as many variables as possible in the inventory instead of `host_vars` and `group_vars`. For a small playbook like this one, it seems acceptable.

## TODO

- stop execution if host is running an untested system?
- use jenkins-cli to maintain credentials.xml? It's not really easy to manipulate in Ansible at the moment...
- update plugins, or at least display a warning when they are not up to date.
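
One way to handle the first TODO item, using the tested platform stated under Prerequisite (Debian 10 amd64, Ansible 2.7.7). This is an added example, not part of this playbook: the `tested_*` variable names and the placement as `pre_tasks` in `site.yml` are assumptions.

```yaml
# Added example: hypothetical pre_tasks guard for site.yml (not from the playbook).
- hosts: all
  gather_facts: true
  vars:
    # Assumed variable names; values come from the "Only tested on" statement.
    tested_distribution: Debian
    tested_major_version: "10"
    tested_architecture: x86_64   # what Ansible reports on Debian amd64
    tested_ansible_version: "2.7.7"
  pre_tasks:
    # Fails the host before any role installs packages or writes Jenkins config.
    - name: Stop if the host is not a tested system
      assert:
        that:
          - ansible_distribution == tested_distribution
          - ansible_distribution_major_version == tested_major_version
          - ansible_architecture == tested_architecture
        fail_msg: >-
          {{ inventory_hostname }} runs {{ ansible_distribution }}
          {{ ansible_distribution_version }} ({{ ansible_architecture }});
          only {{ tested_distribution }} {{ tested_major_version }} amd64 is tested.

    # The controller version is only reported, since newer releases may still work.
    - name: Warn when the controller runs another Ansible version
      debug:
        msg: >-
          Tested with Ansible {{ tested_ansible_version }},
          running {{ ansible_version.full }}.
      when: ansible_version.full is version(tested_ansible_version, '!=')
      run_once: true
```

The `assert` task also runs under `-C` (check mode), so the guard can be exercised with the `ansible-playbook -l foo.bar.com -C -D site.yml` invocation shown above.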