emmetog / ansible-jenkins
Ansible role to install and fully configure Jenkins CI in Docker
License: MIT License
As of Jenkins 2.190.1, using the default `crumbIssuer` has become much harder. Please refer to https://jenkins.io/security/advisory/2019-08-28/ and https://jenkins.io/doc/upgrade-guide/2.176/#SECURITY-626 for more background information.
Role provisioning runs without errors.
Errors like the following occur when trying to do crumb-based activities, such as putting Jenkins into quiet mode:
TASK [emmetog.jenkins : Set quiet mode] ******************************************************
task path: /Users/nre/Code/nre-ableton/ansible-jenkins/tasks/set-quiet-mode.yml:4
Monday 14 October 2019 17:38:10 +0200 (0:00:00.124) 0:00:28.156 ********
fatal: [jenkins-master-sandbox]: FAILED! => {"cache_control": "must-revalidate,no-cache,no-store", "changed": false, "connection": "close", "content": "<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\"/>\n<title>Error 403 No valid crumb was included in the request</title>\n</head>\n<body><h2>HTTP ERROR 403</h2>\n<p>Problem accessing /quietDown. Reason:\n<pre> No valid crumb was included in the request</pre></p><hr><a href=\"http://eclipse.org/jetty\">Powered by Jetty:// 9.4.z-SNAPSHOT</a><hr/>\n\n</body>\n</html>\n", "content_length": "390", "content_type": "text/html;charset=iso-8859-1", "date": "Mon, 14 Oct 2019 15:38:11 GMT", "elapsed": 0, "msg": "Status code was 403 and not [200, 302]: HTTP Error 403: No valid crumb was included in the request", "redirected": false, "server": "Jetty(9.4.z-SNAPSHOT)", "set_cookie": "JSESSIONID.54a45fbb=node017yk56iwafcmi1g89szu6ey71u5.node0;Path=/;HttpOnly", "status": 403, "url": "http://sandbox:8080/quietDown", "x_content_type_options": "nosniff"}
PLAY [127.0.0.1] *****************************************************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [emmetog.jenkins : include] *************************************************************************************************************************************************************************
included: /root/jenkins/ansible-jenkins/roles/emmetog.jenkins/tasks/docker/install.yml for 127.0.0.1
TASK [emmetog.jenkins : Ensure jenkins home dir is created] **********************************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "msg": "chown failed: failed to look up user ubuntu", "owner": "root", "path": "/data/jenkins", "secontext": "unconfined_u:object_r:default_t:s0", "size": 4096, "state": "directory", "uid": 0}
to retry, use: --limit @/root/jenkins/ansible-jenkins/deploy-jenkins.retry
PLAY RECAP ***********************************************************************************************************************************************************************************************
127.0.0.1 : ok=2 changed=0 unreachable=0 failed=1
I've tried to make the plugin installation work for a while now, but unless I give full read-write access to everyone on the internet, it doesn't work. For example with crumbs, I get:
TASK [emmetog.jenkins : Get crumb for Jenkins API] *************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Set Jenkins token from crumb] **********************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Initialize Jenkins crumb cookie fact] **************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Save Jenkins crumb cookie for Jenkins >= 2.176.2] **************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Set quiet mode with API token] *********************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Set quiet mode with crumb] *************************************************************************************
fatal: [jenkins]: FAILED! => {"changed": false, "connection": "close", "content": "<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2FquietDown'/><script>window.location.replace('/login?from=%2FquietDown');</script></head><body style='background-color:white; color:white;'>\n\n\nAuthentication required\n<!--\nYou are authenticated as: anonymous\nGroups that you are in:\n \nPermission you need to have (but didn't): hudson.model.Hudson.Administer\n-->\n\n</body></html> ", "content_length": "695", "content_type": "text/html;charset=utf-8", "date": "Mon, 25 Nov 2019 09:48:52 GMT", "elapsed": 0, "msg": "Status code was 403 and not [200, 302]: HTTP Error 403: Forbidden", "redirected": false, "server": "Jetty(9.4.z-SNAPSHOT)", "status": 403, "url": "https://xxxxxx:8080/quietDown", "x_content_type_options": "nosniff", "x_hudson": "1.395", "x_hudson_cli_port": "36651", "x_jenkins": "2.190.3", "x_jenkins_cli2_port": "36651", "x_jenkins_cli_port": "36651", "x_jenkins_session": "2a16c81b", "x_required_permission": "hudson.model.Hudson.Administer", "x_you_are_authenticated_as": "anonymous", "x_you_are_in_group_disabled": "JENKINS-39402: use -Dhudson.security.AccessDeniedException2.REPORT_GROUP_HEADERS=true or use /whoAmI to diagnose"}
The section in the README doesn't go into enough detail on what the requirements are to make this work.
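The two crumb failures reported above (the 403 "No valid crumb was included in the request" on `/quietDown`, and the 403 for `anonymous` lacking `hudson.model.Hudson.Administer`) come down to two facts: since the 2019-08-28 advisory a crumb is only valid inside the web session that issued it, and a crumb never authenticates the caller. The playbook below is an added example, not the role's own tasks; the variable names, the account and the vaulted secret are assumptions.

```yaml
# Added example, not part of emmetog.jenkins. All variable names and values
# here are assumptions; supply the secret from Ansible Vault, not plain text.
- hosts: localhost
  gather_facts: false
  vars:
    jenkins_base_url: "http://127.0.0.1:8080"              # assumed address
    jenkins_api_user: "admin"                              # assumed account holding Overall/Administer
    jenkins_api_secret: "{{ vault_jenkins_api_secret }}"   # assumed vaulted password
  tasks:
    # Authenticate the crumb request itself, so the crumb is issued to the
    # admin account and not to "anonymous".
    - name: Request a crumb as the authenticated user
      uri:
        url: "{{ jenkins_base_url }}/crumbIssuer/api/json"
        url_username: "{{ jenkins_api_user }}"
        url_password: "{{ jenkins_api_secret }}"
        force_basic_auth: true
        return_content: true
        status_code: [200]
      register: crumb_response
      no_log: true   # keeps the credentials and the crumb out of the play output

    # Ansible does not template dictionary keys, so the header name is written
    # literally in the next task; verify it matches what Jenkins announced.
    - name: Check the crumb header name and that a session cookie came back
      assert:
        that:
          - crumb_response.json.crumbRequestField == "Jenkins-Crumb"
          - crumb_response.cookies_string | length > 0
        fail_msg: "Unexpected crumb field name, or no session cookie returned"

    # The POST carries three things: credentials (who), the crumb (CSRF proof)
    # and the cookie of the session that issued the crumb. Dropping the cookie
    # reproduces the "No valid crumb" 403; dropping the credentials reproduces
    # the "authenticated as: anonymous" 403.
    - name: Set quiet mode with the crumb and the session that issued it
      uri:
        url: "{{ jenkins_base_url }}/quietDown"
        method: POST
        url_username: "{{ jenkins_api_user }}"
        url_password: "{{ jenkins_api_secret }}"
        force_basic_auth: true
        headers:
          Jenkins-Crumb: "{{ crumb_response.json.crumb }}"
          Cookie: "{{ crumb_response.cookies_string }}"
        status_code: [200, 302]
      no_log: true
```

If `jenkins_api_secret` holds an API token instead of a password, Jenkins exempts the request from the crumb check, so the POST needs only the basic-auth credentials and the cookie assertion does not apply. Neither path requires granting anonymous users any permission.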
To automatically insert the password found in /var/lib/jenkins/secrets/initialAdminPassword
I get an error saying:
" Could not find or access '~/My_Projects/gitlab/ansible-provisioner/provisioner/jenkins-configs/secrets/' "
should refer directly stop and start yaml files
it refers yum directory too in path
I'm curious if there is any particular reason that this role manually installs jobs and plugins instead of using the built-in `jenkins_job` and `jenkins_plugin` modules? Is it simply because this role predates the introduction of these modules? Or is there some other reason?
Would you be opposed to a PR which migrates this role to use these modules? If you are not, I'd gladly submit one. In general, I think that unless we have a specific reason not to use the built-in features, we should probably use them.
```yaml
- name: install jenkins
  become: yes
  import_role:
    name: emmetog.jenkins
  vars:
    jenkins_version: "2.190.3"
    jenkins_url: xxxxx
    jenkins_port: 8080
    jenkins_install_via: "apt"
    jenkins_home: "/home/jenkins/data"
    jenkins_admin: "xxxxx"
    jenkins_java_opts: "-Djenkins.install.runSetupWizard=false"
    jenkins_config_owner: "jenkins"
    jenkins_config_group: "jenkins"
    # The locations of the configuration files for jenkins
    jenkins_source_dir_configs: "{{ playbook_dir }}/jenkins-configs"
    jenkins_source_dir_jobs: "{{ jenkins_source_dir_configs }}/jobs"
    # config.xml template source
    jenkins_source_config_xml: "{{ jenkins_source_dir_configs }}/config.xml"
    # Include custom files for jenkins installation
    jenkins_include_custom_files: true
    jenkins_custom_files:
      - src: "credentials.xml"
        dest: "credentials.xml"
      - src: "hudson.plugins.git.GitSCM.xml"
        dest: "hudson.plugins.git.GitSCM.xml"
      - src: "hudson.plugins.jira.JiraProjectProperty.xml"
        dest: "hudson.plugins.jira.JiraProjectProperty.xml"
      - src: "jenkins.CLI.xml"
        dest: "jenkins.CLI.xml"
      - src: "jenkins.model.JenkinsLocationConfiguration.xml"
        dest: "jenkins.model.JenkinsLocationConfiguration.xml"
      - src: "jenkins.plugins.slack.SlackNotifier.xml"
        dest: "jenkins.plugins.slack.SlackNotifier.xml"
      - src: "org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml"
        dest: "org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml"
    # Include secrets directory during installation
    jenkins_include_secrets: false
    jenkins_source_secrets: "{{ jenkins_source_dir_configs }}/secrets/"
    # The names of the jobs (config.xml must exist under jenkins_source_dir_jobs/job_name/)
    jenkins_jobs: ["beta"]
    # These plugins will be installed in the jenkins instance
    jenkins_plugins:
      - ace-editor
      - antisamy-markup-formatter
      - apache-httpcomponents-client-4-api
      - authentication-tokens
      - bitbucket
      - bouncycastle-api
      - branch-api
      - build-name-setter
      - build-pipeline-plugin
      - build-timeout
      - cloudbees-folder
      - command-launcher
      - conditional-buildstep
      - config-file-provider
      - copyartifact
      - credentials
      - credentials-binding
      - dashboard-view
      - display-url-api
      - docker-commons
      - docker-workflow
      - durable-task
      - git
      - git-client
      - git-server
      - github
      - github-api
      - github-branch-source
      - google-login
      - gradle
      - handlebars
      - jackson2-api
      - javadoc
      - jdk-tool
      - jquery
      - jquery-detached
      - jsch
      - junit
      - locale
      - lockable-resources
      - mailer
      - matrix-auth
      - matrix-project
      - maven-plugin
      - mercurial
      - momentjs
      - pam-auth
      - parameterized-trigger
      - pipeline-build-step
      - pipeline-github-lib
      - pipeline-graph-analysis
      - pipeline-input-step
      - pipeline-milestone-step
      - pipeline-model-api
      - pipeline-model-declarative-agent
      - pipeline-model-definition
      - pipeline-model-extensions
      - pipeline-rest-api
      - pipeline-stage-step
      - pipeline-stage-tags-metadata
      - pipeline-stage-view
      - plain-credentials
      - rebuild
      - resource-disposer
      - run-condition
      - scm-api
      - script-security
      - ssh
      - ssh-agent
      - ssh-credentials
      - ssh-slaves
      - structs
      - throttle-concurrents
      - timestamper
      - token-macro
      - workflow-aggregator
      - workflow-api
      - workflow-basic-steps
      - workflow-cps
      - workflow-cps-global-lib
      - workflow-durable-task-step
      - workflow-job
      - workflow-multibranch
      - workflow-scm-step
      - workflow-step-api
      - workflow-support
      - ws-cleanup
    # List of sources of custom jenkins plugins to install
    jenkins_custom_plugins:
      - "{{ playbook_dir }}/jenkins-configs/jira-3.0.6.aa180a6.hpi"
      - "{{ playbook_dir }}/jenkins-configs/bbprb-0.3.0.942c650.hpi"
```
ansible log
TASK [emmetog.jenkins : Warn if jenkins_url is defined] ********************************************************************************
ok: [jenkins] => {
"msg": "Please define jenkins_hostname instead of jenkins_url"
}
TASK [emmetog.jenkins : Sanity check Jenkins authentication mechanism variable] ********************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Sanity check API token] ****************************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Sanity check API username] *************************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Set jenkins_url fact for backwards-compatibility installations] ************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Set jenkins_url fact for HTTP] *********************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Set jenkins_url fact for HTTPS] ********************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : include] *******************************************************************************************************
included: /home/maerwald/git/Terraform-Ansible/roles/emmetog.jenkins/tasks/apt/install.yml for jenkins
TASK [emmetog.jenkins : Create Jenkins group] ******************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Create Jenkins user] *******************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Install apt PPA dependencies] **********************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Install the Debian keyring] ************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Add Debian experimental repository for OpenJDK] ****************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Add Debian sid repository for OpenJDK] *************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Create pinning file for apt] ***********************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Install apt packages] ******************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Set default Java version] **************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Add Jenkins key] ***********************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Add Jenkins repository] ****************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Install Jenkins binary package] ********************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : include_tasks] *************************************************************************************************
included: /home/maerwald/git/Terraform-Ansible/roles/emmetog.jenkins/tasks/apt/stop.yml for jenkins
TASK [emmetog.jenkins : Jenkins is stopped] ********************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Wait for Jenkins to stop] **************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Set JENKINS_HOME] **********************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Set Jenkins port for HTTP] *************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Set Jenkins port for HTTPS] ************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Set Jenkins Java command line options] *************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Ensure correct ownership of JENKINS_HOME directory] ************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Ensure main configuration file is up to date] ******************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Configure Jenkins location] ************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Initialize Jenkins secrets dir fact] ***************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Copy secrets] **************************************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Ensure correct ownership of secrets directory] *****************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Copy JKS keystore credentials] *********************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Copy CA signed certificate] ************************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Copy CA certificate private key] *******************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Initialize HTTPS credentials fact] *****************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Set JKS keystore credentials] **********************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Set fact for HTTPS certificate file] ***************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Set CA signed certificate credentials] *************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Set Jenkins command line options] ******************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : include_tasks] *************************************************************************************************
included: /home/maerwald/git/Terraform-Ansible/roles/emmetog.jenkins/tasks/apt/stop.yml for jenkins
TASK [emmetog.jenkins : Jenkins is stopped] ********************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Wait for Jenkins to stop] **************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Create intermediate dirs for custom files] *********************************************************************
ok: [jenkins] => (item={'src': 'credentials.xml', 'dest': 'credentials.xml'})
ok: [jenkins] => (item={'src': 'hudson.plugins.git.GitSCM.xml', 'dest': 'hudson.plugins.git.GitSCM.xml'})
ok: [jenkins] => (item={'src': 'hudson.plugins.jira.JiraProjectProperty.xml', 'dest': 'hudson.plugins.jira.JiraProjectProperty.xml'})
ok: [jenkins] => (item={'src': 'jenkins.CLI.xml', 'dest': 'jenkins.CLI.xml'})
ok: [jenkins] => (item={'src': 'jenkins.model.JenkinsLocationConfiguration.xml', 'dest': 'jenkins.model.JenkinsLocationConfiguration.xml'})
ok: [jenkins] => (item={'src': 'jenkins.plugins.slack.SlackNotifier.xml', 'dest': 'jenkins.plugins.slack.SlackNotifier.xml'})
ok: [jenkins] => (item={'src': 'org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml', 'dest': 'org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml'})
TASK [emmetog.jenkins : Configure custom files] ****************************************************************************************
changed: [jenkins] => (item={'src': 'credentials.xml', 'dest': 'credentials.xml'})
changed: [jenkins] => (item={'src': 'hudson.plugins.git.GitSCM.xml', 'dest': 'hudson.plugins.git.GitSCM.xml'})
changed: [jenkins] => (item={'src': 'hudson.plugins.jira.JiraProjectProperty.xml', 'dest': 'hudson.plugins.jira.JiraProjectProperty.xml'})
changed: [jenkins] => (item={'src': 'jenkins.CLI.xml', 'dest': 'jenkins.CLI.xml'})
changed: [jenkins] => (item={'src': 'jenkins.model.JenkinsLocationConfiguration.xml', 'dest': 'jenkins.model.JenkinsLocationConfiguration.xml'})
changed: [jenkins] => (item={'src': 'jenkins.plugins.slack.SlackNotifier.xml', 'dest': 'jenkins.plugins.slack.SlackNotifier.xml'})
changed: [jenkins] => (item={'src': 'org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml', 'dest': 'org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml'})
TASK [emmetog.jenkins : Custom plugins are installed] **********************************************************************************
changed: [jenkins] => (item=/home/maerwald/git/Terraform-Ansible/jenkins/playbooks/jenkins-configs/jira-3.0.6.aa180a6.hpi)
changed: [jenkins] => (item=/home/maerwald/git/Terraform-Ansible/jenkins/playbooks/jenkins-configs/bbprb-0.3.0.942c650.hpi)
TASK [emmetog.jenkins : include_tasks] *************************************************************************************************
included: /home/maerwald/git/Terraform-Ansible/roles/emmetog.jenkins/tasks/start.yml for jenkins
TASK [emmetog.jenkins : include_tasks] *************************************************************************************************
included: /home/maerwald/git/Terraform-Ansible/roles/emmetog.jenkins/tasks/apt/start.yml for jenkins
TASK [emmetog.jenkins : Jenkins is started] ********************************************************************************************
ok: [jenkins]
Instance fails to start, because configuration for google oauth exists, but the plugin is not installed via provisioning.
My working environment is a Windows 10 PC on which I run one VirtualBox based, Vagrant controlled CentOS 7 VM as Ansible master and another one as installation target. These are configured with one NAT NIC and one Host Only NIC each. I'm running behind a firewall so I setup proxy configurations in various places. The `ansible-jenkins` role is included from another role which sets up the environment: installs Docker, creates the Jenkins config directory, etc. My settings are very similar to the examples from the README file:
```yaml
jenkins_version: "2.73.1"
jenkins_url: "http://127.0.0.1"
jenkins_port: 8080
jenkins_install_via: "docker"
jenkins_config_owner: "vagrant"
jenkins_config_group: "vagrant"
jenkins_java_opts: "-Djenkins.install.runSetupWizard=false"
jenkins_home: /data/jenkins
jenkins_source_dir_configs: files/jenkins-configs
jenkins_source_dir_jobs: "{{ jenkins_source_dir_configs }}/jobs"
jenkins_include_custom_files: true
jenkins_custom_files:
  - src: "proxy.xml"
    dest: "proxy.xml"
jenkins_jobs:
  - "my-first-job"
jenkins_plugins:
  - git
  - log-parser
  - copyartifact
  - workflow-aggregator
  - workflow-multibranch
  - docker-workflow
  - subversion
  - template-project
```
I'm running Jenkins as vagrant because it has uid 1000 in my VMs. I'd expect this installation to complete successfully.
Installation fails at the `wait_for` task. None of the `*.jpi` files ever appear in the `/data/jenkins/plugins/` directory. From the logs I see that all the attempts to install the specified plugins have similar results:
ok: [owf-dev-server] => (item=template-project) => {
"changed": false,
"connection": "close",
"date": "Mon, 25 Feb 2019 11:23:59 GMT",
"invocation": {
"module_args": {
"attributes": null,
"backup": null,
"body": "<jenkins><install plugin=\"template-project@latest\" /></jenkins>",
"body_format": "raw",
"client_cert": null,
"client_key": null,
"content": null,
"creates": null,
"delimiter": null,
"dest": null,
"directory_mode": null,
"follow": false,
"follow_redirects": "safe",
"force": false,
"force_basic_auth": false,
"group": null,
"headers": {
"Content-Type": "text/xml"
},
"http_agent": "ansible-httpget",
"method": "POST",
"mode": null,
"owner": null,
"regexp": null,
"remote_src": null,
"removes": null,
"return_content": false,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"status_code": [
"200",
"302"
],
"timeout": 30,
"unsafe_writes": null,
"url": "http://127.0.0.1:8080/pluginManager/installNecessaryPlugins",
"url_password": null,
"url_username": null,
"use_proxy": true,
"validate_certs": true
}
},
"item": "template-project",
"location": "http://127.0.0.1:8080/updateCenter",
"msg": "HTTP Error 302: Found",
"redirected": false,
"server": "Jetty(9.4.z-SNAPSHOT)",
"status": 302,
"url": "http://127.0.0.1:8080/pluginManager/installNecessaryPlugins",
"x_content_type_options": "nosniff"
Is it correct that location points to a localhost URI?
I'm afraid it's not easy to reproduce my setup, as it's rather convoluted. I'm eager to provide additional information, but I'm not sure about what could be of use.
I would like to propose a few spelling corrections to variables, Additionally listed below:
diff --git a/README.md b/README.md
index 08a9457..88f091b 100644
--- a/README.md
+++ b/README.md
@@ -178,8 +178,8 @@ The example above will look for the job configs in
The role will also look for `{{ playbook_dir }}/jenkins-configs/config.xml`
These config.xml will be templated over to the server to be used as the job cfi
guration.
-It will upload the whole secrets directory under `{{ playbook_dir }}/jenkins-nf
igs/secrets` and configure custom files provided under `{{ jenkins_custom_files
}}` variable. Note that `{{ jenkins_include_secrets }}` and `{{ jenkins_include_
custom_files }}` varibales should be set to true for these to work.
-Additionaly the role can install custom plugins by providing the .jpi or .hpiil
es as a list under `{{ jenkins_custom_plugins }}` variable.
+It will upload the whole secrets directory under `{{ playbook_dir }}/jenkins-nf
igs/secrets` and configure custom files provided under `{{ jenkins_custom_files
}}` variable. Note that `{{ jenkins_include_secrets }}` and `{{ jenkins_include_
custom_files }}` variables should be set to true for these to work.
+Additionally the role can install custom plugins by providing the .jpi or .hpfi
les as a list under `{{ jenkins_custom_plugins }}` variable.
config.xml and custom files are templated so you can put variables in them,
for example it would be a good idea to encrypt sensitive variables
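Review bot: the removed and added lines in this hunk are hard-wrapped mid-word (`jenkins-nf` / `igs/secrets`, `cfi` / `guration`, and `.hpiil` / `es` on the removed line against `.hpfi` / `les` on the added one), so the patch was copied from a wrapped terminal and will not apply as pasted, and it is not possible to tell whether the `.hpi files` text was meant to change. Please resend it as a pull request or as a file produced by `git format-patch`. The two intended fixes, `varibales` to `variables` and `Additionaly` to `Additionally`, are correct; a comma after `Additionally` would be worth adding on the same line.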
Currently, using the Playbook fails during the stop task, as that task does not use the "{{ jenkins_docker_image }}:{{ jenkins_version }}" image, but "jenkins:{{ jenkins_version }}", completely ignoring the ansible variable.
The normal jenkins repository is deprecated, in favor of the jenkins/jenkins one.
Running the Playbook is expected to run and succeed.
Running the fails with the following: http://paste.openstack.org/show/622543/
Changing the tasks/docker/stop.yml task's image to "{{ jenkins_docker_image }}:{{ jenkins_version }}" solves the issue.
Jenkins-crumb received and proceed with plugin installation
fatal: [localhost]: FAILED! => {"changed": false, "content": "", "msg": "Status code was not [200, 404]: Request failed: <urlopen error [Errno 111] Connection refused>", "redirected": false, "status": -1, "url": "http://127.0.0.1:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\":\",//crumb)"}
I am getting crumb with curl command, with ansible it is failing with above error -
curl "http://127.0.0.1:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\":\",//crumb)"
Jenkins-Crumb:cd50b99693fa890d69f70cd7ead94ca3
Could you please check this error
Hi!
I am attempting to install Jenkins on a brand new Ubuntu 20.04 machine using your role.
My playbook looks like this:
```yaml
- hosts: test
  vars:
    jenkins_version: "2.289.2"
    jenkins_hostname: "127.0.0.1"
    jenkins_port: 8080
    jenkins_install_via: "apt"
    jenkins_plugins:
      - git
      - blueocean
  roles:
    - emmetog.jenkins
```
However, the deployment fails at the "Wait for Jenkins to start" stage after having exhausted all the retries. If at this point I try to access Jenkins on 127.0.0.1:8080, I am met with an error page presenting the following exception:
```
java.io.IOException: Permission denied
    at java.io.UnixFileSystem.createFileExclusively(Native Method)
    at java.io.File.createTempFile(File.java:2063)
    at hudson.util.AtomicFileWriter.<init>(AtomicFileWriter.java:143)
Caused: java.io.IOException: Failed to create a temporary file in /data/jenkins
    at hudson.util.AtomicFileWriter.<init>(AtomicFileWriter.java:145)
    at hudson.util.AtomicFileWriter.<init>(AtomicFileWriter.java:110)
    at hudson.util.AtomicFileWriter.<init>(AtomicFileWriter.java:75)
    at hudson.util.TextFile.write(TextFile.java:116)
    at jenkins.model.Jenkins.<init>(Jenkins.java:906)
    at hudson.model.Hudson.<init>(Hudson.java:86)
    at hudson.model.Hudson.<init>(Hudson.java:82)
    at hudson.WebAppMain$3.run(WebAppMain.java:295)
Caused: hudson.util.HudsonFailedToLoad
    at hudson.WebAppMain$3.run(WebAppMain.java:312)
```
Hence it seems to be a permissions issue. Please advise me on what to do to get around this.
Thank you in advance!
The "Wait for Jenkins to start" task succeeds.
It doesn't succeed.
The main url returns 403 when google oauth is configured. But I think it is actually timing out... from within the playbook it never succeeds nor returns, even after I changed it to:
```yaml
---
- include_tasks: "{{ jenkins_install_via }}/start.yml"

- name: Wait for Jenkins to start
  uri:
    url: "{{ jenkins_url }}"
    validate_certs: "{{ jenkins_https_validate_certs }}"
    status_code: [200, 403, 503]
    timeout: 5
  become: false
  register: jenkins_home_content
  # Jenkins will return 503 (service unavailable) on the home page while
  # starting (the "Please wait while Jenkins is getting ready to work" page)
  until: not (jenkins_home_content.status == 503)
  retries: 5
  delay: 5
```
Why can't I deploy this and have security enabled?
Even when I remove the auth strategy $Unsecure and Security realm from my config.xml,
your role still leaves me wide open and adds the entries in the config.xml nonetheless.
https://github.com/emmetog/ansible-jenkins/blob/master/tasks/apt/install.yml#L54
To get the latest release 2.209, I need 'debian': https://pkg.jenkins.io/debian/
This should be configurable.
Hi! Nice job, I like this role!
I have a dir like this
config/
.ssh/
id_rsa
prodSlaveFiles/
..
init.groovy.d/
..
credentials.xml
hudson.plugins.git.GitSCM.xml
...
How to set jenkins_custom_files to copy content of folder to jenkins_home?
On yum installations jenkins config should be written to /etc/sysconfig/jenkins
jenkins config is hard coded to /etc/default/jenkins
in tasks/configure-jenkins.yml replace hard coded /etc/default/jenkins with jenkins_config_file which will be automatically set to /etc/default/jenkins on apt installation and /etc/sysconfig/jenkins on yum installation type
Hi,
I found a fix for this but unfortunately I don't have time to pull/modify/push etc., so I figured I would put it here so you can make the quick update.
Playbook failed here:
TASK [emmetog.jenkins : Create Jenkins user] **********************************************************************************************************************************************************************************************************************************
fatal: [hostname]: FAILED! => {"changed": false, "failed": true, "msg": "useradd: cannot create directory /data/jenkins\n", "name": "ubuntu", "rc": 12}
Manual fix:
If there is no /data directory on the target, create one manually.
This means that I have to add an extra step to my VM creation script to create a /data directory. Obviously that works for me for now, but it would be good to have this fixed / improve the error handling for it so other users don't run into the same issue.
Hope this helps.
This is regarding the current 'ansible galaxy' version. The output I'm seeing from `ansible-playbook -vvvv` when it reaches the task for installing Jenkins plugins is as follows:
TASK [emmetog.jenkins : Plugins are installed] ********************************* task path: /private/etc/ansible/roles/emmetog.jenkins/tasks/configure-jenkins.yml:15 Using module file /Library/Python/2.7/site-packages/ansible/modules/core/commands/command.py <35.184.23.176> ESTABLISH SSH CONNECTION FOR USER: gdaley <35.184.23.176> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r 35.184.23.176 '/bin/sh -c '"'"'( umask 77 && mkdir -p "
echo ~/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182 " && echo ansible-tmp-1489042876.1-249571663650182="
echo ~/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182 `" ) && sleep 0'"'"''
<35.184.23.176> PUT /var/folders/pd/7tzc73115n99cwmzk66l9mxw0000gn/T/tmpihLBad TO /home/gdaley/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182/command.py
<35.184.23.176> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r '[35.184.23.176]'
<35.184.23.176> ESTABLISH SSH CONNECTION FOR USER: gdaley
<35.184.23.176> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r 35.184.23.176 '/bin/sh -c '"'"'chmod u+x /home/gdaley/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182/ /home/gdaley/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182/command.py && sleep 0'"'"''
<35.184.23.176> ESTABLISH SSH CONNECTION FOR USER: gdaley
<35.184.23.176> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r -tt 35.184.23.176 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-rlqzlsvzcfhnxtijbmlpgpetsuiugsce; /usr/bin/python /home/gdaley/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182/command.py; rm -rf "/home/gdaley/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182/" > /dev/null 2>&1'"'"'"'"'"'"'"'"' && sleep 0'"'"''
changed: [35.184.23.176] => (item=jenkins_plugins) => {
"changed": true,
"cmd": "curl -X POST -d '<install plugin="jenkins_plugins@latest" />' --header 'Content-Type: text/xml' http://jenkins-my-js-pipeline.gdaley.com:80/pluginManager/installNecessaryPlugins",
"delta": "0:00:00.072227",
"end": "2017-03-09 07:01:19.069746",
"invocation": {
"module_args": {
"_raw_params": "curl -X POST -d '<install plugin="jenkins_plugins@latest" />' --header 'Content-Type: text/xml' http://jenkins-my-js-pipeline.gdaley.com:80/pluginManager/installNecessaryPlugins",
"_uses_shell": true,
"chdir": null,
"creates": "/data/jenkins/plugins/jenkins_plugins",
"executable": null,
"removes": null,
"warn": true
},
"module_name": "command"
},
"item": "jenkins_plugins",
"rc": 0,
"start": "2017-03-09 07:01:18.997519",
"stderr": " % Total % Received % Xferd Average Speed Time Time Time Current\n Dload Upload Total Spent Left Speed\n\r 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0\r100 62 0 0 100 62 0 941 --:--:-- --:--:-- --:--:-- 953",
"stdout": "",
"stdout_lines": [],
"warnings": [
"Consider using get_url or uri module rather than running curl"
]
}
TASK [emmetog.jenkins : wait_for] **********************************************
task path: /private/etc/ansible/roles/emmetog.jenkins/tasks/configure-jenkins.yml:25
Using module file /Library/Python/2.7/site-packages/ansible/modules/core/utilities/logic/wait_for.py
<35.184.23.176> ESTABLISH SSH CONNECTION FOR USER: gdaley
<35.184.23.176> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r 35.184.23.176 '/bin/sh -c '"'"'( umask 77 && mkdir -p "echo ~/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344
" && echo ansible-tmp-1489042879.23-54183515335344="echo ~/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344
" ) && sleep 0'"'"''
<35.184.23.176> PUT /var/folders/pd/7tzc73115n99cwmzk66l9mxw0000gn/T/tmpXisF_7 TO /home/gdaley/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344/wait_for.py
<35.184.23.176> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r '[35.184.23.176]'
<35.184.23.176> ESTABLISH SSH CONNECTION FOR USER: gdaley
<35.184.23.176> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r 35.184.23.176 '/bin/sh -c '"'"'chmod u+x /home/gdaley/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344/ /home/gdaley/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344/wait_for.py && sleep 0'"'"''
<35.184.23.176> ESTABLISH SSH CONNECTION FOR USER: gdaley
<35.184.23.176> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r -tt 35.184.23.176 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-saawgielycrhzudazlxqojxlokialoew; /usr/bin/python /home/gdaley/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344/wait_for.py; rm -rf "/home/gdaley/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344/" > /dev/null 2>&1'"'"'"'"'"'"'"'"' && sleep 0'"'"''
failed: [35.184.23.176] (item=jenkins_plugins) => {
"elapsed": 300,
"failed": true,
"invocation": {
"module_args": {
"connect_timeout": 5,
"delay": 0,
"exclude_hosts": null,
"host": "127.0.0.1",
"path": "/data/jenkins/plugins/jenkins_plugins",
"port": null,
"search_regex": null,
"state": "started",
"timeout": 300
},
"module_name": "wait_for"
},
"item": "jenkins_plugins",
"msg": "Timeout when waiting for file /data/jenkins/plugins/jenkins_plugins"
}
As you can see, instead of going through each plugin listed in 'jenkins_plugins', it's just seeing literally 'jenkins_plugins' as being the name of the only plugin to be installed. I have tried both the default list of plugins and my own list, but the result is always the same.
My local system is a Macbook Pro running:
The system I'm trying to install Jenkins on is GCE VM running:
Any ideas?
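One likely cause of the symptom in the report above, shown as an added example that is not the role's own code: the role's task file is not on this page, so this assumes the task passes the variable name bare to `with_items`, which newer Ansible 2.x releases treat as a literal string. The playbook, the `demo_plugins` list and the task names are hypothetical.

```yaml
# Added example, not taken from the emmetog.jenkins role.
# demo_plugins and all task names are hypothetical; the list is constructed sample data.
- hosts: localhost
  gather_facts: false
  vars:
    demo_plugins:
      - git
      - workflow-aggregator
  tasks:
    # Bare word: the loop receives the string "demo_plugins", so it runs
    # once with item == "demo_plugins" (the behaviour seen in the log,
    # where the request body names "jenkins_plugins@latest").
    - name: Loop over a bare variable name (reproduces the symptom)
      debug:
        msg: "would install {{ item }}@latest"
      with_items: demo_plugins

    # Templated: the loop receives the list, one iteration per plugin.
    - name: Loop over the templated variable
      debug:
        msg: "would install {{ item }}@latest"
      with_items: "{{ demo_plugins }}"

    # Guard: fail immediately instead of waiting out a 300 s wait_for
    # timeout on a plugin directory that will never be created.
    - name: Plugin list is a non-empty list, not a string
      assert:
        that:
          - demo_plugins is not string
          - demo_plugins is iterable
          - demo_plugins | length > 0
        fail_msg: "demo_plugins must be a list of plugin names"
```

Running this with `ansible-playbook` shows one iteration for the first task and two for the second; a guard of this kind placed before the install task turns a silent mis-expansion into an immediate failure.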
The role be install successfully on centos/7
Keep getting the error:
fatal: [ci-server]: FAILED! => {"reason": "Unable to retrieve file contents\nCould not find or access '/{project_path}/yum/stop.yml'"}
jenkins_install_via: "yum"