emmetog / ansible-jenkins Goto Github PK
View Code? Open in Web Editor NEWAnsible role to install and fully configure Jenkins CI in Docker
License: MIT License
ansible-jenkins's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
wasanthag grahamdaley shreya2602 pmaciejewski badis42 pmarhatha rwycuff33 sharma21069 ping9802 suboptimal dhirenshumsher tahvok claudiubelu dave-miles rei-systems project1taken dirkjonker t0p4 kuldazbraslav w3aran rahulmod bobclarke mdiers tigerwan rigelk paulgallon spacedan gusse tjoen jeis2497052 enigmacurry jinosapps ghostx94-zz rougeo ibraah88 vijayakumar1 thatsk resmiantonyk poojasree oscargcervantes endwar95 surennihalani thedemoncat ramharig jalagamv shadowscorpion doppiomacchiatto jimcox fuchu devendrapsl moetto billklinevt saigonshu rajeshv23 seabornlee jontambi agnnn tbadmus moody1511 cedvict aia89 john-fletcher wiem-fourati marob yaswanthkumar1995 hunsu krishnait bryamcastle dexus-forks nagireddy-devops mnedkov vladimirmaljkovic boyasiva obovtunov arunvel1988 girijalaaditya prime85 romanutskyi ipcrm prakash-kumard sagvekarsushant spec86 sawantraviraj25 fly2sirius tonecodeansible-jenkins's Issues
Support API tokens in addition to the crumb issuer
As of Jenkins 2.190.1, using the default crumbIssuer has become much harder. Please refer to https://jenkins.io/security/advisory/2019-08-28/ and https://jenkins.io/doc/upgrade-guide/2.176/#SECURITY-626 for more background information.
Expected Behavior
Role provisioning runs without errors.
Actual Behavior
Errors like the following occur when trying to do crumb-based activities, such as putting Jenkins into quiet mode:
TASK [emmetog.jenkins : Set quiet mode] ******************************************************
task path: /Users/nre/Code/nre-ableton/ansible-jenkins/tasks/set-quiet-mode.yml:4
Monday 14 October 2019 17:38:10 +0200 (0:00:00.124) 0:00:28.156 ********
fatal: [jenkins-master-sandbox]: FAILED! => {"cache_control": "must-revalidate,no-cache,no-store", "changed": false, "connection": "close", "content": "<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\"/>\n<title>Error 403 No valid crumb was included in the request</title>\n</head>\n<body><h2>HTTP ERROR 403</h2>\n<p>Problem accessing /quietDown. Reason:\n<pre> No valid crumb was included in the request</pre></p><hr><a href=\"http://eclipse.org/jetty\">Powered by Jetty:// 9.4.z-SNAPSHOT</a><hr/>\n\n</body>\n</html>\n", "content_length": "390", "content_type": "text/html;charset=iso-8859-1", "date": "Mon, 14 Oct 2019 15:38:11 GMT", "elapsed": 0, "msg": "Status code was 403 and not [200, 302]: HTTP Error 403: No valid crumb was included in the request", "redirected": false, "server": "Jetty(9.4.z-SNAPSHOT)", "set_cookie": "JSESSIONID.54a45fbb=node017yk56iwafcmi1g89szu6ey71u5.node0;Path=/;HttpOnly", "status": 403, "url": "http://sandbox:8080/quietDown", "x_content_type_options": "nosniff"}
Steps to Reproduce the Problem
- Update to Jenkins 2.190.1
- Run this role against the Jenkins master instance
emmetog.jenkins : Ensure jenkins home dir is created]
PLAY [127.0.0.1] *****************************************************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [emmetog.jenkins : include] *************************************************************************************************************************************************************************
included: /root/jenkins/ansible-jenkins/roles/emmetog.jenkins/tasks/docker/install.yml for 127.0.0.1
TASK [emmetog.jenkins : Ensure jenkins home dir is created] **********************************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "msg": "chown failed: failed to look up user ubuntu", "owner": "root", "path": "/data/jenkins", "secontext": "unconfined_u:object_r:default_t:s0", "size": 4096, "state": "directory", "uid": 0}
to retry, use: --limit @/root/jenkins/ansible-jenkins/deploy-jenkins.retry
PLAY RECAP ***********************************************************************************************************************************************************************************************
127.0.0.1 : ok=2 changed=0 unreachable=0 failed=1
Example of "Crumb-based authentication"
I've tried to make the plugin installation work for a while now, but unless I give full read-write access to everyone on the internet, it doesn't work. For example with crumbs, I get:
TASK [emmetog.jenkins : Get crumb for Jenkins API] *************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Set Jenkins token from crumb] **********************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Initialize Jenkins crumb cookie fact] **************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Save Jenkins crumb cookie for Jenkins >= 2.176.2] **************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Set quiet mode with API token] *********************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Set quiet mode with crumb] *************************************************************************************
fatal: [jenkins]: FAILED! => {"changed": false, "connection": "close", "content": "<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2FquietDown'/><script>window.location.replace('/login?from=%2FquietDown');</script></head><body style='background-color:white; color:white;'>\n\n\nAuthentication required\n<!--\nYou are authenticated as: anonymous\nGroups that you are in:\n \nPermission you need to have (but didn't): hudson.model.Hudson.Administer\n-->\n\n</body></html> ", "content_length": "695", "content_type": "text/html;charset=utf-8", "date": "Mon, 25 Nov 2019 09:48:52 GMT", "elapsed": 0, "msg": "Status code was 403 and not [200, 302]: HTTP Error 403: Forbidden", "redirected": false, "server": "Jetty(9.4.z-SNAPSHOT)", "status": 403, "url": "https://xxxxxx:8080/quietDown", "x_content_type_options": "nosniff", "x_hudson": "1.395", "x_hudson_cli_port": "36651", "x_jenkins": "2.190.3", "x_jenkins_cli2_port": "36651", "x_jenkins_cli_port": "36651", "x_jenkins_session": "2a16c81b", "x_required_permission": "hudson.model.Hudson.Administer", "x_you_are_authenticated_as": "anonymous", "x_you_are_in_group_disabled": "JENKINS-39402: use -Dhudson.security.AccessDeniedException2.REPORT_GROUP_HEADERS=true or use /whoAmI to diagnose"}
The section in the README doesn't go into enough detail on what the requirements are to make this work.
When using yum installation option automation fails because it expects an administrator password
Expected Behavior
To automatically insert the password found in /var/lib/jenkins/secrets/initialAdminPassword
Actual Behavior
I get an error saying:
" Could not find or access '~/My_Projects/gitlab/ansible-provisioner/provisioner/jenkins-configs/secrets/' "
Steps to Reproduce the Problem
- running the playbook
need to set user on Jenkins_Home directory & make user from /etc/sysconfig/jenkins to run as root user
yum restart.yml-incorrect paths
Expected Behavior
should refer directly stop and start yaml files
Actual Behavior
it refers yum directory too in path
Steps to Reproduce the Problem
Use built-in Ansible modules for job/plugin configuration
I'm curious if there is any particular reason that this role manually installs jobs and plugins instead of using the built-in jenkins_job and jenkins_plugin modules? Is it simply because this role predates the introduction of these modules? Or is there some other reason?
Would you be opposed to a PR which migrates this role to use these modules? If you are not, I'd gladly submit one. In general, I think that unless we have a specific reason not to use the built-in features, we should probably use them.
Plugins are not installed at all
- name: install jenkins
become: yes
import_role:
name: emmetog.jenkins
vars:
jenkins_version: "2.190.3"
jenkins_url: xxxxx
jenkins_port: 8080
jenkins_install_via: "apt"
jenkins_home: "/home/jenkins/data"
jenkins_admin: "xxxxx"
jenkins_java_opts: "-Djenkins.install.runSetupWizard=false"
jenkins_config_owner: "jenkins"
jenkins_config_group: "jenkins"
# The locations of the configuration files for jenkins
jenkins_source_dir_configs: "{{ playbook_dir }}/jenkins-configs"
jenkins_source_dir_jobs: "{{ jenkins_source_dir_configs }}/jobs"
# config.xml template source
jenkins_source_config_xml: "{{ jenkins_source_dir_configs }}/config.xml"
# Include custom files for jenkins installation
jenkins_include_custom_files: true
jenkins_custom_files:
- src: "credentials.xml"
dest: "credentials.xml"
- src: "hudson.plugins.git.GitSCM.xml"
dest: "hudson.plugins.git.GitSCM.xml"
- src: "hudson.plugins.jira.JiraProjectProperty.xml"
dest: "hudson.plugins.jira.JiraProjectProperty.xml"
- src: "jenkins.CLI.xml"
dest: "jenkins.CLI.xml"
- src: "jenkins.model.JenkinsLocationConfiguration.xml"
dest: "jenkins.model.JenkinsLocationConfiguration.xml"
- src: "jenkins.plugins.slack.SlackNotifier.xml"
dest: "jenkins.plugins.slack.SlackNotifier.xml"
- src: "org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml"
dest: "org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml"
# Include secrets directory during installation
jenkins_include_secrets: false
jenkins_source_secrets: "{{ jenkins_source_dir_configs }}/secrets/"
# The names of the jobs (config.xml must exist under jenkins_source_dir_jobs/job_name/)
jenkins_jobs: ["beta"]
# These plugins will be installed in the jenkins instance
jenkins_plugins:
- ace-editor
- antisamy-markup-formatter
- apache-httpcomponents-client-4-api
- authentication-tokens
- bitbucket
- bouncycastle-api
- branch-api
- build-name-setter
- build-pipeline-plugin
- build-timeout
- cloudbees-folder
- command-launcher
- conditional-buildstep
- config-file-provider
- copyartifact
- credentials
- credentials-binding
- dashboard-view
- display-url-api
- docker-commons
- docker-workflow
- durable-task
- git
- git-client
- git-server
- github
- github-api
- github-branch-source
- google-login
- gradle
- handlebars
- jackson2-api
- javadoc
- jdk-tool
- jquery
- jquery-detached
- jsch
- junit
- locale
- lockable-resources
- mailer
- matrix-auth
- matrix-project
- maven-plugin
- mercurial
- momentjs
- pam-auth
- parameterized-trigger
- pipeline-build-step
- pipeline-github-lib
- pipeline-graph-analysis
- pipeline-input-step
- pipeline-milestone-step
- pipeline-model-api
- pipeline-model-declarative-agent
- pipeline-model-definition
- pipeline-model-extensions
- pipeline-rest-api
- pipeline-stage-step
- pipeline-stage-tags-metadata
- pipeline-stage-view
- plain-credentials
- rebuild
- resource-disposer
- run-condition
- scm-api
- script-security
- ssh
- ssh-agent
- ssh-credentials
- ssh-slaves
- structs
- throttle-concurrents
- timestamper
- token-macro
- workflow-aggregator
- workflow-api
- workflow-basic-steps
- workflow-cps
- workflow-cps-global-lib
- workflow-durable-task-step
- workflow-job
- workflow-multibranch
- workflow-scm-step
- workflow-step-api
- workflow-support
- ws-cleanup
# List of sources of custom jenkins plugins to install
jenkins_custom_plugins:
- "{{ playbook_dir }}/jenkins-configs/jira-3.0.6.aa180a6.hpi"
- "{{ playbook_dir }}/jenkins-configs/bbprb-0.3.0.942c650.hpi"
ansible log
TASK [emmetog.jenkins : Warn if jenkins_url is defined] ********************************************************************************
ok: [jenkins] => {
"msg": "Please define jenkins_hostname instead of jenkins_url"
}
TASK [emmetog.jenkins : Sanity check Jenkins authentication mechanism variable] ********************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Sanity check API token] ****************************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Sanity check API username] *************************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Set jenkins_url fact for backwards-compatibility installations] ************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Set jenkins_url fact for HTTP] *********************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Set jenkins_url fact for HTTPS] ********************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : include] *******************************************************************************************************
included: /home/maerwald/git/Terraform-Ansible/roles/emmetog.jenkins/tasks/apt/install.yml for jenkins
TASK [emmetog.jenkins : Create Jenkins group] ******************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Create Jenkins user] *******************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Install apt PPA dependencies] **********************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Install the Debian keyring] ************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Add Debian experimental repository for OpenJDK] ****************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Add Debian sid repository for OpenJDK] *************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Create pinning file for apt] ***********************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Install apt packages] ******************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Set default Java version] **************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Add Jenkins key] ***********************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Add Jenkins repository] ****************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Install Jenkins binary package] ********************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : include_tasks] *************************************************************************************************
included: /home/maerwald/git/Terraform-Ansible/roles/emmetog.jenkins/tasks/apt/stop.yml for jenkins
TASK [emmetog.jenkins : Jenkins is stopped] ********************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Wait for Jenkins to stop] **************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Set JENKINS_HOME] **********************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Set Jenkins port for HTTP] *************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Set Jenkins port for HTTPS] ************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Set Jenkins Java command line options] *************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Ensure correct ownership of JENKINS_HOME directory] ************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Ensure main configuration file is up to date] ******************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Configure Jenkins location] ************************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Initialize Jenkins secrets dir fact] ***************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Copy secrets] **************************************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Ensure correct ownership of secrets directory] *****************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : Copy JKS keystore credentials] *********************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Copy CA signed certificate] ************************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Copy CA certificate private key] *******************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Initialize HTTPS credentials fact] *****************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Set JKS keystore credentials] **********************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Set fact for HTTPS certificate file] ***************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Set CA signed certificate credentials] *************************************************************************
skipping: [jenkins]
TASK [emmetog.jenkins : Set Jenkins command line options] ******************************************************************************
changed: [jenkins]
TASK [emmetog.jenkins : include_tasks] *************************************************************************************************
included: /home/maerwald/git/Terraform-Ansible/roles/emmetog.jenkins/tasks/apt/stop.yml for jenkins
TASK [emmetog.jenkins : Jenkins is stopped] ********************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Wait for Jenkins to stop] **************************************************************************************
ok: [jenkins]
TASK [emmetog.jenkins : Create intermediate dirs for custom files] *********************************************************************
ok: [jenkins] => (item={'src': 'credentials.xml', 'dest': 'credentials.xml'})
ok: [jenkins] => (item={'src': 'hudson.plugins.git.GitSCM.xml', 'dest': 'hudson.plugins.git.GitSCM.xml'})
ok: [jenkins] => (item={'src': 'hudson.plugins.jira.JiraProjectProperty.xml', 'dest': 'hudson.plugins.jira.JiraProjectProperty.xml'})
ok: [jenkins] => (item={'src': 'jenkins.CLI.xml', 'dest': 'jenkins.CLI.xml'})
ok: [jenkins] => (item={'src': 'jenkins.model.JenkinsLocationConfiguration.xml', 'dest': 'jenkins.model.JenkinsLocationConfiguration.xml'})
ok: [jenkins] => (item={'src': 'jenkins.plugins.slack.SlackNotifier.xml', 'dest': 'jenkins.plugins.slack.SlackNotifier.xml'})
ok: [jenkins] => (item={'src': 'org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml', 'dest': 'org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml'})
TASK [emmetog.jenkins : Configure custom files] ****************************************************************************************
changed: [jenkins] => (item={'src': 'credentials.xml', 'dest': 'credentials.xml'})
changed: [jenkins] => (item={'src': 'hudson.plugins.git.GitSCM.xml', 'dest': 'hudson.plugins.git.GitSCM.xml'})
changed: [jenkins] => (item={'src': 'hudson.plugins.jira.JiraProjectProperty.xml', 'dest': 'hudson.plugins.jira.JiraProjectProperty.xml'})
changed: [jenkins] => (item={'src': 'jenkins.CLI.xml', 'dest': 'jenkins.CLI.xml'})
changed: [jenkins] => (item={'src': 'jenkins.model.JenkinsLocationConfiguration.xml', 'dest': 'jenkins.model.JenkinsLocationConfiguration.xml'})
changed: [jenkins] => (item={'src': 'jenkins.plugins.slack.SlackNotifier.xml', 'dest': 'jenkins.plugins.slack.SlackNotifier.xml'})
changed: [jenkins] => (item={'src': 'org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml', 'dest': 'org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml'})
TASK [emmetog.jenkins : Custom plugins are installed] **********************************************************************************
changed: [jenkins] => (item=/home/maerwald/git/Terraform-Ansible/jenkins/playbooks/jenkins-configs/jira-3.0.6.aa180a6.hpi)
changed: [jenkins] => (item=/home/maerwald/git/Terraform-Ansible/jenkins/playbooks/jenkins-configs/bbprb-0.3.0.942c650.hpi)
TASK [emmetog.jenkins : include_tasks] *************************************************************************************************
included: /home/maerwald/git/Terraform-Ansible/roles/emmetog.jenkins/tasks/start.yml for jenkins
TASK [emmetog.jenkins : include_tasks] *************************************************************************************************
included: /home/maerwald/git/Terraform-Ansible/roles/emmetog.jenkins/tasks/apt/start.yml for jenkins
TASK [emmetog.jenkins : Jenkins is started] ********************************************************************************************
ok: [jenkins]
Instance fails to start, because configuration for google oauth exists, but the plugin is not installed via provisioning.
Docker installation on CentOS VM fails to install plugins
Expected Behavior
My working environment is a Windows 10 PC on which I run one VirtualBox based, Vagrant controlled CentOS 7 VM as Ansible master and another one as installation target. These are configured with one NAT NIC and one Host Only NIC each. I'm running behind a firewall so I setup proxy configurations in various places. The ansible-jenkins role is included from another role which sets up the environment: installs Docker, creates the Jenkins config directory, etc. My settings are very similar to the examples from the README file:
jenkins_version: "2.73.1"
jenkins_url: "http://127.0.0.1"
jenkins_port: 8080
jenkins_install_via: "docker"
jenkins_config_owner: "vagrant"
jenkins_config_group: "vagrant"
jenkins_java_opts: "-Djenkins.install.runSetupWizard=false"
jenkins_home: /data/jenkins
jenkins_source_dir_configs: files/jenkins-configs
jenkins_source_dir_jobs: "{{ jenkins_source_dir_configs }}/jobs"
jenkins_include_custom_files: true
jenkins_custom_files:
- src: "proxy.xml"
dest: "proxy.xml"
jenkins_jobs:
- "my-first-job"
jenkins_plugins:
- git
- log-parser
- copyartifact
- workflow-aggregator
- workflow-multibranch
- docker-workflow
- subversion
- template-project
I'm running Jenkins as vagrant because it has uid 1000 in my VM's. I'd expect this installation to complete successfully.
Actual Behavior
Installation fails at the wait_for task. None of the *.jpi files ever appear in the /data/jenkins/plugins/ directory. From the logs I see that all the attempts to install the specified plugins have similar results:
ok: [owf-dev-server] => (item=template-project) => {
"changed": false,
"connection": "close",
"date": "Mon, 25 Feb 2019 11:23:59 GMT",
"invocation": {
"module_args": {
"attributes": null,
"backup": null,
"body": "<jenkins><install plugin=\"template-project@latest\" /></jenkins>",
"body_format": "raw",
"client_cert": null,
"client_key": null,
"content": null,
"creates": null,
"delimiter": null,
"dest": null,
"directory_mode": null,
"follow": false,
"follow_redirects": "safe",
"force": false,
"force_basic_auth": false,
"group": null,
"headers": {
"Content-Type": "text/xml"
},
"http_agent": "ansible-httpget",
"method": "POST",
"mode": null,
"owner": null,
"regexp": null,
"remote_src": null,
"removes": null,
"return_content": false,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"status_code": [
"200",
"302"
],
"timeout": 30,
"unsafe_writes": null,
"url": "http://127.0.0.1:8080/pluginManager/installNecessaryPlugins",
"url_password": null,
"url_username": null,
"use_proxy": true,
"validate_certs": true
}
},
"item": "template-project",
"location": "http://127.0.0.1:8080/updateCenter",
"msg": "HTTP Error 302: Found",
"redirected": false,
"server": "Jetty(9.4.z-SNAPSHOT)",
"status": 302,
"url": "http://127.0.0.1:8080/pluginManager/installNecessaryPlugins",
"x_content_type_options": "nosniff"
Is it correct that location points to a localhost URI?
Steps to Reproduce the Problem
I'm afraid it's not easy to reproduce my setup, as it's rather convoluted. I'm eager to provide additional information, but I'm not sure about what could be of use.
Propose spelling correction to the readme
I would like to propose a few spelling corrections to variables, Additionally listed below:
diff --git a/README.md b/README.md
index 08a9457..88f091b 100644
--- a/README.md
+++ b/README.md
@@ -178,8 +178,8 @@ The example above will look for the job configs in
The role will also look for `{{ playbook_dir }}/jenkins-configs/config.xml`
These config.xml will be templated over to the server to be used as the job cfi
guration.
-It will upload the whole secrets directory under `{{ playbook_dir }}/jenkins-nf
igs/secrets` and configure custom files provided under `{{ jenkins_custom_files
}}` variable. Note that `{{ jenkins_include_secrets }}` and `{{ jenkins_include_
custom_files }}` varibales should be set to true for these to work.
-Additionaly the role can install custom plugins by providing the .jpi or .hpiil
es as a list under `{{ jenkins_custom_plugins }}` variable.
+It will upload the whole secrets directory under `{{ playbook_dir }}/jenkins-nf
igs/secrets` and configure custom files provided under `{{ jenkins_custom_files
}}` variable. Note that `{{ jenkins_include_secrets }}` and `{{ jenkins_include_
custom_files }}` variables should be set to true for these to work.
+Additionally the role can install custom plugins by providing the .jpi or .hpfi
les as a list under `{{ jenkins_custom_plugins }}` variable.
config.xml and custom files are templated so you can put variables in them,
for example it would be a good idea to encrypt sensitive variables
Expected Behavior
Actual Behavior
Steps to Reproduce the Problem
docker: stop.yml references the wrong docker image
Currently, using the Playbook fails during the stop task, as that task does not use the "{{ jenkins_docker_image }}:{{ jenkins_version }}" image, but "jenkins:{{ jenkins_version }}", completely ignoring the ansible variable.
The normal jenkins repository is deprecated, in favor of the jenkins/jenkins one.
Expected Behavior
Running the Playbook is expected to run and succeed.
Actual Behavior
Running the fails with the following: http://paste.openstack.org/show/622543/
Steps to Reproduce the Problem
- run: ansible-playbook build.yml
Changing the tasks/docker/stop.yml task's image to "{{ jenkins_docker_image }}:{{ jenkins_version }}" solves the issue.
url openerror during plugin installation
Expected Behavior
Jenkins-crumb received and proceed with plugin installation
Actual Behavior
fatal: [localhost]: FAILED! => {"changed": false, "content": "", "msg": "Status code was not [200, 404]: Request failed: <urlopen error [Errno 111] Connection refused>", "redirected": false, "status": -1, "url": "http://127.0.0.1:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\":\",//crumb)"}
I am getting crumb with curl command, with ansible it is failing with above error -
curl "http://127.0.0.1:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\":\",//crumb)"
Jenkins-Crumb:cd50b99693fa890d69f70cd7ead94ca3
Could you please check this error
Permissions issue on Ubuntu
Hi!
I am attempting install Jenkins on a brand new Ubuntu 20.04 machine using your role.
My playbook looks like this:
`- hosts: test
vars:
jenkins_version: "2.289.2"
jenkins_hostname: "127.0.0.1"
jenkins_port: 8080
jenkins_install_via: "apt"
jenkins_plugins:
- git
- blueocean
roles:
- emmetog.jenkins
`
However the deployment fails at the "Wait for Jenkins to start" stage after having exhausted all the retries. If at this point if I try access Jenkins on 127.0.0.1:8080 I am met with an error page presenting the following exception:
java.io.IOException: Permission denied at java.io.UnixFileSystem.createFileExclusively(Native Method) at java.io.File.createTempFile(File.java:2063) at hudson.util.AtomicFileWriter.<init>(AtomicFileWriter.java:143) Caused: java.io.IOException: Failed to create a temporary file in /data/jenkins at hudson.util.AtomicFileWriter.<init>(AtomicFileWriter.java:145) at hudson.util.AtomicFileWriter.<init>(AtomicFileWriter.java:110) at hudson.util.AtomicFileWriter.<init>(AtomicFileWriter.java:75) at hudson.util.TextFile.write(TextFile.java:116) at jenkins.model.Jenkins.<init>(Jenkins.java:906) at hudson.model.Hudson.<init>(Hudson.java:86) at hudson.model.Hudson.<init>(Hudson.java:82) at hudson.WebAppMain$3.run(WebAppMain.java:295) Caused: hudson.util.HudsonFailedToLoad at hudson.WebAppMain$3.run(WebAppMain.java:312)
Hence it seems to be a permissions issue. Please advice me on what to do to get around this.
Thank you in advance!
"Wait for Jenkins to start" is broken with e.g. Google OAuth
Expected Behavior
The "Wait for Jenkins to start" task succeeds.
Actual Behavior
It doesn't succeed.
Steps to Reproduce the Problem
- configure jenkins with google oauth
- redeploy
Explanation
The main url returns 403 when google oauth is configured. But I think it is actually timing out... from within the playbook it never succeeds nor returns, even after I changed it to:
---
- include_tasks: "{{ jenkins_install_via }}/start.yml"
- name: Wait for Jenkins to start
uri:
url: "{{ jenkins_url }}"
validate_certs: "{{ jenkins_https_validate_certs }}"
status_code: [200, 403, 503]
timeout: 5
become: false
register: jenkins_home_content
# Jenkins will return 503 (service unavailable) on the home page while
# starting (the "Please wait while Jenkins is getting ready to work" page)
until: not (jenkins_home_content.status == 503)
retries: 5
delay: 5Security
Why cant I deploy this and have security enabled.
even when I remove the auth strategy $Unsecure and Security realm from my config.xml
You role still leaves me wide open and adds the entries in the config.xml none the less.
Allow to install from 'debian' instead of 'debian-stable'
https://github.com/emmetog/ansible-jenkins/blob/master/tasks/apt/install.yml#L54
To get the latest release 2.209, I need 'debian': https://pkg.jenkins.io/debian/
This should be configurable.
Configure custom files looping over folder(recurcive)
Hi! Nice job, I like this role!
I have a dir like this
config/
.ssh/
id_rsa
prodSlaveFiles/
..
init.groovy.d/
..
credentials.xml
hudson.plugins.git.GitSCM.xml
...
How to set jenkins_custom_files to copy content of folder to jenkins_home?
CentOS default config is on /etc/sysconfig/jenkins
Expected Behavior
On yum installations jenkins config should be written to /etc/sysconfig/jenkins
Actual Behavior
jenkins config is hard coded to /etc/default/jenkins
Steps to Reproduce the Problem
- Use defaults to install jenkins on CentOS/RedHat
- Check /etc/sysconfig/jenkins - no config is written
- check /etc/default/jenkins - exists but not in use in CentOS
Suggested solution
in tasks/configure-jenkins.yml replace hard coded /etc/default/jenkins with jenkins_config_file which will be autimatically set to /etc/default/jenkins on apt installation and /etc/sysconfig/jenkins on yum installation type
Build failed due to missing data folder at root directory
Hi,
I found a fix for this but unfortunately I don't have time to pull/modify/push etc., so I figured I would put it here so you can make the quick update.
Playbook failed here:
TASK [emmetog.jenkins : Create Jenkins user] **********************************************************************************************************************************************************************************************************************************
fatal: [hostname]: FAILED! => {"changed": false, "failed": true, "msg": "useradd: cannot create directory /data/jenkins\n", "name": "ubuntu", "rc": 12}
Manual fix:
If there is no /data directory on the target, create one manually.
This means that I have to add an extra step to my VM creation script to create a /data directory. Obviously that works for me for now, but it would be good to have this fixed / improve the error handling for it so other users don't run into the same issue.
Hope this helps.
Jenkins modules not installing
This is regarding the current 'ansible galaxy' version. The output I'm seeing from ansible-playbook -vvvv when it reaches the task for installing Jenkins plugins is as follows:
TASK [emmetog.jenkins : Plugins are installed] ********************************* task path: /private/etc/ansible/roles/emmetog.jenkins/tasks/configure-jenkins.yml:15 Using module file /Library/Python/2.7/site-packages/ansible/modules/core/commands/command.py <35.184.23.176> ESTABLISH SSH CONNECTION FOR USER: gdaley <35.184.23.176> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r 35.184.23.176 '/bin/sh -c '"'"'( umask 77 && mkdir -p " echo ~/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182 " && echo ansible-tmp-1489042876.1-249571663650182=" echo ~/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182 `" ) && sleep 0'"'"''
<35.184.23.176> PUT /var/folders/pd/7tzc73115n99cwmzk66l9mxw0000gn/T/tmpihLBad TO /home/gdaley/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182/command.py
<35.184.23.176> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r '[35.184.23.176]'
<35.184.23.176> ESTABLISH SSH CONNECTION FOR USER: gdaley
<35.184.23.176> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r 35.184.23.176 '/bin/sh -c '"'"'chmod u+x /home/gdaley/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182/ /home/gdaley/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182/command.py && sleep 0'"'"''
<35.184.23.176> ESTABLISH SSH CONNECTION FOR USER: gdaley
<35.184.23.176> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r -tt 35.184.23.176 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-rlqzlsvzcfhnxtijbmlpgpetsuiugsce; /usr/bin/python /home/gdaley/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182/command.py; rm -rf "/home/gdaley/.ansible/tmp/ansible-tmp-1489042876.1-249571663650182/" > /dev/null 2>&1'"'"'"'"'"'"'"'"' && sleep 0'"'"''
changed: [35.184.23.176] => (item=jenkins_plugins) => {
"changed": true,
"cmd": "curl -X POST -d '<install plugin="jenkins_plugins@latest" />' --header 'Content-Type: text/xml' http://jenkins-my-js-pipeline.gdaley.com:80/pluginManager/installNecessaryPlugins",
"delta": "0:00:00.072227",
"end": "2017-03-09 07:01:19.069746",
"invocation": {
"module_args": {
"_raw_params": "curl -X POST -d '<install plugin="jenkins_plugins@latest" />' --header 'Content-Type: text/xml' http://jenkins-my-js-pipeline.gdaley.com:80/pluginManager/installNecessaryPlugins",
"_uses_shell": true,
"chdir": null,
"creates": "/data/jenkins/plugins/jenkins_plugins",
"executable": null,
"removes": null,
"warn": true
},
"module_name": "command"
},
"item": "jenkins_plugins",
"rc": 0,
"start": "2017-03-09 07:01:18.997519",
"stderr": " % Total % Received % Xferd Average Speed Time Time Time Current\n Dload Upload Total Spent Left Speed\n\r 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0\r100 62 0 0 100 62 0 941 --:--:-- --:--:-- --:--:-- 953",
"stdout": "",
"stdout_lines": [],
"warnings": [
"Consider using get_url or uri module rather than running curl"
]
}
TASK [emmetog.jenkins : wait_for] **********************************************
task path: /private/etc/ansible/roles/emmetog.jenkins/tasks/configure-jenkins.yml:25
Using module file /Library/Python/2.7/site-packages/ansible/modules/core/utilities/logic/wait_for.py
<35.184.23.176> ESTABLISH SSH CONNECTION FOR USER: gdaley
<35.184.23.176> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r 35.184.23.176 '/bin/sh -c '"'"'( umask 77 && mkdir -p "echo ~/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344" && echo ansible-tmp-1489042879.23-54183515335344="echo ~/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344" ) && sleep 0'"'"''
<35.184.23.176> PUT /var/folders/pd/7tzc73115n99cwmzk66l9mxw0000gn/T/tmpXisF_7 TO /home/gdaley/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344/wait_for.py
<35.184.23.176> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r '[35.184.23.176]'
<35.184.23.176> ESTABLISH SSH CONNECTION FOR USER: gdaley
<35.184.23.176> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r 35.184.23.176 '/bin/sh -c '"'"'chmod u+x /home/gdaley/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344/ /home/gdaley/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344/wait_for.py && sleep 0'"'"''
<35.184.23.176> ESTABLISH SSH CONNECTION FOR USER: gdaley
<35.184.23.176> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/Users/gdaley/.ssh/google_compute_engine"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gdaley -o ConnectTimeout=10 -o ControlPath=/Users/gdaley/.ansible/cp/ansible-ssh-%h-%p-%r -tt 35.184.23.176 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-saawgielycrhzudazlxqojxlokialoew; /usr/bin/python /home/gdaley/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344/wait_for.py; rm -rf "/home/gdaley/.ansible/tmp/ansible-tmp-1489042879.23-54183515335344/" > /dev/null 2>&1'"'"'"'"'"'"'"'"' && sleep 0'"'"''
failed: [35.184.23.176] (item=jenkins_plugins) => {
"elapsed": 300,
"failed": true,
"invocation": {
"module_args": {
"connect_timeout": 5,
"delay": 0,
"exclude_hosts": null,
"host": "127.0.0.1",
"path": "/data/jenkins/plugins/jenkins_plugins",
"port": null,
"search_regex": null,
"state": "started",
"timeout": 300
},
"module_name": "wait_for"
},
"item": "jenkins_plugins",
"msg": "Timeout when waiting for file /data/jenkins/plugins/jenkins_plugins"
}
`
As you can see, instead of going through each plugin listed in 'jenkins_plugins', it's just seeing literally 'jenkins_plugins' as being the name of the only plugin to be installed. I have tried both the default list of plugins and my own list, but the result is always the same.
My local system is a Macbook Pro running:
- MacOS: 10.12.3
- Python 2.7.10 (from the Developer command line tools package)
- ansible 2.2.1.0
The system I'm trying to install Jenkins on is GCE VM running:
- Ubuntu 16.10
- Python 2.7.12+
Any ideas?
Could not find or access '../yum/stop.yml'
Expected Behavior
The role be install successfully on centos/7
Actual Behavior
Keep getting the error:
fatal: [ci-server]: FAILED! => {"reason": "Unable to retrieve file contents\nCould not find or access '/{project_path}/yum/stop.yml'"}
Steps to Reproduce the Problem
- Try to install on centos/7
- set the var
jenkins_install_via: "yum"
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.