From e5ba0ac6105f9974f6a3451092c52df21cd7e461 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Mon, 21 Sep 2020 21:58:42 -0400
Subject: [PATCH] Split Jenkins into agent and server tasks
---
 hypervisor.yml | 1 +
 roles/jenkins/tasks/agent.yml | 46 ++++++++++++++++++++++
 roles/jenkins/tasks/main.yml | 70 ++--------------------------------
 roles/jenkins/tasks/server.yml | 26 +++++++++++++
 4 files changed, 76 insertions(+), 67 deletions(-)
 create mode 100644 roles/jenkins/tasks/agent.yml
 create mode 100644 roles/jenkins/tasks/server.yml
diff --git a/hypervisor.yml b/hypervisor.yml
index de8db6d..e24f143 100644
--- a/hypervisor.yml
+++ b/hypervisor.yml
@@ -17,4 +17,5 @@
 become: true
 roles:
 - base
+ - jenkins
 - libvirt
diff --git a/roles/jenkins/tasks/agent.yml b/roles/jenkins/tasks/agent.yml
new file mode 100644
index 0000000..d82dcb0
--- /dev/null
+++ b/roles/jenkins/tasks/agent.yml
@@ -0,0 +1,46 @@
+- name: Install GnuPG
+ apt:
+ name: gnupg
+ state: present
+
+- name: Create Jenkins user
+ user:
+ name: "{{ jenkins_user }}"
+ state: present
+ shell: /bin/bash
+ skeleton: /etc/skel
+ generate_ssh_key: true
+
+- name: Set Jenkins authorized key
+ authorized_key:
+ user: jenkins
+ state: present
+ exclusive: true
+ key: "{{ jenkins_sshkey }}"
+
+- name: Give Jenkins user passwordless sudo
+ template:
+ src: jenkins_sudoers.j2
+ dest: /etc/sudoers.d/{{ jenkins_user }}
+ validate: "visudo -cf %s"
+ mode: 0440
+
+- name: Install Ansible source
+ copy:
+ src: ansible.list
+ dest: /etc/apt/sources.list.d/ansible.list
+
+- name: Add Ansible source key
+ apt_key:
+ keyserver: keyserver.ubuntu.com
+ id: 93C4A3FD7BB9C367
+
+- name: Install Ansible
+ apt:
+ name: ansible
+ state: present
+
+- name: Install Java
+ apt:
+ name: default-jre
+ state: present
diff --git a/roles/jenkins/tasks/main.yml b/roles/jenkins/tasks/main.yml
index ef27b0e..f65b290 100644
--- a/roles/jenkins/tasks/main.yml
+++ b/roles/jenkins/tasks/main.yml
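Review bot: In roles/jenkins/tasks/agent.yml the `authorized_key` task hard-codes `user: jenkins` while the user and sudoers tasks use `{{ jenkins_user }}`, so with any other value the key is installed for a different (or missing) account than the one that receives passwordless sudo; use `user: "{{ jenkins_user }}"`. That key leads to root on every host the role is applied to, which after the hypervisor.yml hunk includes the hypervisor, so it is worth restricting it with `key_options` (for example a `from=` source restriction) and scoping jenkins_sudoers.j2, whose contents are not visible here, to the commands the jobs actually need. The `apt_key` task trusts a 64-bit key ID fetched from a keyserver; pinning the full fingerprint or shipping the key file inside the role is a stronger check on the package source. `mode: 0440` is safer written as `mode: "0440"`, and the sudoers file would benefit from explicit `owner: root` and `group: root`.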
@@ -1,69 +1,5 @@
-- name: Create Jenkins user
- user:
- name: "{{ jenkins_user }}"
- state: present
- shell: /bin/bash
- skeleton: /etc/skel
- generate_ssh_key: true
-
-- name: Set Jenkins authorized key
- authorized_key:
- user: jenkins
- state: present
- exclusive: true
- key: "{{ jenkins_sshkey }}"
+- import_tasks: agent.yml
 when: jenkins_sshkey is defined
 
-- name: Give Jenkins user passwordless sudo
- template:
- src: jenkins_sudoers.j2
- dest: /etc/sudoers.d/{{ jenkins_user }}
- validate: "visudo -cf %s"
- mode: 0440
-
-- name: Install Ansible source
- copy:
- src: ansible.list
- dest: /etc/apt/sources.list.d/ansible.list
-
-- name: Add Ansible source key
- apt_key:
- keyserver: keyserver.ubuntu.com
- id: 93C4A3FD7BB9C367
-
-- name: Install Ansible
- apt:
- name: ansible
- state: present
-
-- name: Install Java
- apt:
- name: default-jre
- state: present
-
-- name: Create Jenkin's directory
- file:
- path: "{{ jenkins_root }}"
- state: directory
- owner: "1000"
- group: "1000"
-
-- name: Start Jenkins Container
- docker_container:
- name: "{{ jenkins_name }}"
- image: jenkins/jenkins:{{ jenkins_version }}
- state: started
- restart_policy: always
- ports:
- - 50000:50000
- volumes: "{{ jenkins_root }}:/var/jenkins_home"
- networks_cli_compatible: true
- networks:
- - name: traefik
- labels:
- traefik.http.routers.jenkins.rule: "Host(`{{ jenkins_domain }}`)"
- traefik.http.routers.jenkins.entrypoints: websecure
- traefik.http.routers.jenkins.tls.certresolver: letsencrypt
- traefik.http.routers.jenkins.middlewares: "securehttps@file"
- traefik.docker.network: traefik
- traefik.enable: "true"
+- import_tasks: server.yml
+ when: jenkins_domain is defined
diff --git a/roles/jenkins/tasks/server.yml b/roles/jenkins/tasks/server.yml
new file mode 100644
index 0000000..e6f08b5
--- /dev/null
+++ b/roles/jenkins/tasks/server.yml
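Review bot: In roles/jenkins/tasks/main.yml the two imports choose between agent and server only by whether `jenkins_sshkey` or `jenkins_domain` happens to be defined. If `jenkins_domain` is set in shared variables (the inventory is not visible here), the hypervisor play that now includes this role would also start the Jenkins container. An explicit boolean per host group is harder to trigger by accident, for example `when: jenkins_agent | default(false) | bool`, where the variable name is only a suggestion. Because `import_tasks` copies the `when` onto every imported task, user creation, the sudoers file and the Ansible/Java installs are now skipped when no key is defined, whereas the removed lines show only the authorized-key task was conditional before; a comment stating that this is intended would help. Giving each import a `name:` would also make skipped runs easier to read in the play output.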
@@ -0,0 +1,26 @@
+- name: Create Jenkin's directory
+ file:
+ path: "{{ jenkins_root }}"
+ state: directory
+ owner: "1000"
+ group: "1000"
+
+- name: Start Jenkins Container
+ docker_container:
+ name: "{{ jenkins_name }}"
+ image: jenkins/jenkins:{{ jenkins_version }}
+ state: started
+ restart_policy: always
+ ports:
+ - 50000:50000
+ volumes: "{{ jenkins_root }}:/var/jenkins_home"
+ networks_cli_compatible: true
+ networks:
+ - name: traefik
+ labels:
+ traefik.http.routers.jenkins.rule: "Host(`{{ jenkins_domain }}`)"
+ traefik.http.routers.jenkins.entrypoints: websecure
+ traefik.http.routers.jenkins.tls.certresolver: letsencrypt
+ traefik.http.routers.jenkins.middlewares: "securehttps@file"
+ traefik.docker.network: traefik
+ traefik.enable: "true"
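Review bot: In roles/jenkins/tasks/server.yml, `ports: - 50000:50000` publishes the Jenkins inbound-agent port on every host interface, outside the traefik router and its `securehttps@file` middleware that front the web UI. Since agent.yml prepares agents for SSH logins from the controller, this listener may not be needed; if it is, bind it to a specific address and quote the mapping, e.g. `- "<INTERNAL_ADDRESS>:50000:50000"` (placeholder), and limit it at the firewall. The task was moved unchanged from main.yml, but the split is a convenient point to also write `volumes` as a list and to pin `jenkins/jenkins:{{ jenkins_version }}` to a digest so the image cannot change under the same tag.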