Important : this playbook is quick'n dirty and work in progress. Carefully review before using it.

This Ansible playbook aims at setting a Jenkins CI host linked to Gitea repositories. It will :

• install jenkins from pkg.jenkins.io
• install the default JDK
• install the Jenkins plugins requested for the jenkins-php.org templates
• create a jenkins user gitea with restricted access just to launch a job
• creates the specified jobs
• install NginX and set up 2 vhost as recommended in https://wiki.jenkins.io/display/JENKINS/Configuring+Content+Security+Policy

Most of the configuration should be available in the inventory.

It is launched usually like this : ansible-playbook site.yml

Prerequisite

Hosts should be accessible via SSH as the root user (else, add the usual remote_user/become instructions in ansible.cfg) and with the Python prerequisite of Ansible (usually

Only tested on Debian 10 amd64 so far, with Ansible 2.7.7.

Note : to test or to limit to one particular host :

ansible foo.bar.com -m ping
ansible-playbook -l foo.bar.com -C -D site.yml

Directory layout

We follow (more or less) the recommendations of https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html with :

• site.yml : master playbook
• ansible.cfg and inventory : the first one set up some default configurations and introduce the second one : the inventory.
• roles/common/, roles/fooapp/ : the roles with their tree tasks/main.yml, files/, handlers/main.yml, ...
• group_vars/group1.yml and host_vars/hostname1.yml : variables dedicated to a group or a host respectively.

Note : contrary to some recommendations, I prefer to set the maximum of variables in the inventory instead of host_vars and group_vars. For a small playbook like this one, it seems acceptable.

TODO

• stop execution if host is running an untested system ?
• use jenkins-cli to maintain credentials.xml ? It's not really easy to manipulate in Ansible at the moment...
• update plugins, or at least display a warning when they are not up to date.