chl/ansible-jenkins-php-v1
Archived
1
0
Fork 0
Code Activity
This repository has been archived on 2023-11-22. You can view files and clone it, but you cannot make any changes to it's state, such as pushing and creating new issues, pull requests or comments.
ansible-jenkins-php-v1/roles/jenkins-php-v1/tasks/40_configure-jenkins.yml
Chl e54b5a5663 First commit
2020-01-17 23:35:15 +01:00

85 lines
2.9 KiB
YAML
Raw Blame History

---
# Needed to write a config.xml which is not changed at each Ansible run
- name: Get current Jenkins version
shell: "{{ jenkins_cli_command }} version"
changed_when: False
check_mode: no
register: result
- name: Set fact about current Jenkins version
set_fact:
current_jenkins_version: "{{ result.stdout_lines[0] }}"
- name: Upload main config.xml
template:
src: "{{ item }}"
dest: "{{ jenkins_home }}/config.xml"
owner: jenkins
group: jenkins
mode: 0644
backup: yes
with_first_found:
- "config.xml.{{ ansible_fqdn }}.j2"
- "config.xml.j2"
notify: safe-restart jenkins and wait
- name: Upload JenkinsLocationConfiguration.xml
template:
src: "{{ item }}"
dest: "{{ jenkins_home }}/jenkins.model.JenkinsLocationConfiguration.xml"
owner: jenkins
group: jenkins
mode: 0644
backup: yes
with_first_found:
- "jenkins.model.JenkinsLocationConfiguration.xml.{{ ansible_fqdn }}.j2"
- "jenkins.model.JenkinsLocationConfiguration.xml.j2"
notify: safe-restart jenkins and wait
# Generate a SSH RSA key pair if not already present
# (we do it without the Ansible module which is only available starting 2.8)
# (and we don't use become/become_user because it fails with a permission denied on /tmp/.ansible...)
- name: Generate SSH RSA key pair
command: su -c 'ssh-keygen -q -t rsa -b 2048 -f ~/.ssh/id_rsa -N ""' - jenkins
args:
creates: "{{ jenkins_home }}/.ssh/id_rsa"
#become_user: jenkins # permission denied
#become: yes
register: result
- name: Retrieve the SSH private key
slurp:
src: "{{ jenkins_home }}/.ssh/id_rsa.pub"
register: tmp
when: result.changed
- name: Ouput public key
debug:
msg: "Don't forget to set the public key on the Git repository and the deploy target : {{ tmp.content | b64decode | trim }}"
when: result.changed
# Upload this new key to the Jenkins credentials plugin system
# (the create/update/import-credential-as-xml is kinda cumbersome for our
# usecase. No way to export the key or get a MD5/SHA256 of it, so we just
# go for the credentials.xml file directly :)
- name: Retrieve the SSH private key
slurp:
src: "{{ jenkins_home }}/.ssh/id_rsa"
register: tmp
no_log: yes
- name: Set fact about SSH key
set_fact:
ssh_private_key: "{{ tmp.content | b64decode | trim }}"
no_log: yes
- name: Upload SSH RSA key pair as credential in Jenkins
template:
src: "{{ item }}"
dest: "{{ jenkins_home }}/credentials.xml"
owner: jenkins
group: jenkins
mode: 0600
force: yes
backup: yes
with_first_found:
- "credentials.xml.{{ ansible_fqdn }}.j2"
- "credentials.xml.j2"
notify: safe-restart jenkins and wait
#shell: cat /tmp/tmp.xml | java -jar /var/cache/jenkins/war/WEB-INF/jenkins-cli.jar -s http://localhost:8080/ -auth admin:$( cat /var/lib/jenkins/secrets/initialAdminPassword ) create-credentials-by-xml system::system::jenkins _
View git blame Copy permalink