+++ /dev/null
----
-
-- hosts: all
- become: true
- user: ubuntu
- vars:
- - jenkins_user: 'jenkins-build'
- - jenkins_key: 'playbook/files/ssh/keys/jenkins_build.pub'
- # jenkins API credentials:
- - api_user: 'ceph-jenkins'
- - token: '{{ token }}'
- - api_uri: 'https://jenkins.ceph.com'
- - jenkins_credentials_uuid: 'jenkins-build'
- - nodename: '{{ nodename }}'
- - labels: '{{ labels }}'
- - use_jnlp: false
- - grant_sudo: true
- - osc_user: 'username'
- - osc_pass: 'password'
-
- tasks:
- - name: uninstall resolvconf on Ubuntu to manually manage resolv.conf
- apt:
- name: resolvconf
- state: absent
- when: ansible_os_family == "Debian"
-
- - name: check for NetworkManager conf
- stat:
- path: /etc/NetworkManager/NetworkManager.conf
- register: nm_conf
-
- - name: tell NetworkManager to leave resolv.conf alone on CentOS
- lineinfile:
- dest: /etc/NetworkManager/NetworkManager.conf
- regexp: '^dns='
- line: 'dns=none'
- state: present
- when: ansible_os_family == "RedHat" and nm_conf.stat.exists
-
- - name: tell dhclient to leave resolv.conf alone on Ubuntu
- lineinfile:
- dest: /etc/dhcp/dhclient.conf
- regexp: 'prepend domain-name-servers'
- line: 'supersede domain-name-servers 8.8.8.8;'
- state: present
- when: ansible_os_family == "Debian"
-
- - name: use Google DNS for name resolution
- lineinfile:
- dest: /etc/resolv.conf
- regexp: '^nameserver'
- line: 'nameserver 8.8.8.8'
- state: present
-
- - name: "create a {{ jenkins_user }} group"
- group:
- name: "{{ jenkins_user }}"
- state: present
-
- - name: "create a {{ jenkins_user }} user"
- user:
- name: "{{ jenkins_user }}"
- group: "{{ jenkins_user }}"
- state: present
- comment: "Jenkins Build Slave User"
-
- - name: "create a {{ jenkins_user }} home directory"
- file:
- path: "/home/{{ jenkins_user }}/"
- state: directory
- owner: "{{ jenkins_user }}"
-
- - name: Create .ssh directory
- file:
- path: "/home/{{ jenkins_user }}/.ssh"
- state: directory
- owner: "{{ jenkins_user }}"
-
- - name: set the authorized keys
- authorized_key:
- user: "{{ jenkins_user }}"
- key: "{{ lookup('file', '{{ jenkins_key }}') }}"
-
- - name: "ensure {{ jenkins_user }} can sudo without a prompt"
- lineinfile:
- dest: /etc/sudoers
- regexp: '^{{ jenkins_user }} ALL'
- line: '{{ jenkins_user }} ALL=(ALL:ALL) NOPASSWD:ALL'
- validate: 'visudo -cf %s'
- when: grant_sudo
-
- - name: set utf-8 for LC_ALL
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LC_ALL='
- line: "export LC_ALL=en_US.UTF-8"
- create: true
- state: present
-
- - name: set utf-8 for LANG
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LANG='
- line: "export LANG=en_US.UTF-8"
-
- - name: set utf-8 for LANGUAGE
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LANGUAGE='
- line: "export LANGUAGE=en_US.UTF-8"
-
- - name: ensure the build dir exists
- file:
- path: "/home/{{ jenkins_user }}/build"
- state: directory
- owner: "{{ jenkins_user }}"
-
- - name: Create .config/osc directory
- file:
- path: "/home/{{ jenkins_user }}/.config/osc"
- state: directory
- owner: "{{ jenkins_user }}"
- when: ansible_pkg_mgr == "zypper"
-
- - name: Add oscrc file
- blockinfile:
- create: yes
- block: |
- [general]
- apiurl = https://api.opensuse.org
- #build-root = /var/tmp/build-root/%(repo)s-%{arch)s
-
- [https://api.opensuse.org]
- user = {{ osc_user }}
- pass = {{ osc_pass }}
-
- path: "/home/{{ jenkins_user }}/.config/osc/oscrc"
- become_user: "{{ jenkins_user }}"
- when: ansible_pkg_mgr == "zypper"
-
- - name: ensure the home dir has the right owner permissions
- file:
- path: "/home/{{ jenkins_user }}"
- state: directory
- owner: "{{ jenkins_user }}"
- group: "{{ jenkins_user }}"
- recurse: yes
-
- - name: Install epel repo
- yum:
- name: epel-release
- state: latest
- when: ansible_os_family == "RedHat"
-
- - name: disable epel for now
- lineinfile:
- path: "/etc/yum.repos.d/epel.repo"
- regexp: '^enabled=.*'
- line: 'enabled=0'
- when: ansible_os_family == "RedHat"
-
- # This repo has EL8 packages that Ceph depends on. These packages are not available in AppStream, BaseOS, or EPEL8 yet so we build and manage them.
- - name: Enable EL8 copr repo
- command: "dnf -y copr enable ktdreyer/ceph-el8"
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int == 8
-
- # This repo contains packages that were built from Fedora SRPMs. Same thing here -- not in EPEL yet.
- - name: Enable EL8 lab-extras
- yum_repository:
- name: lab-extras
- description: Ceph Lab extra packages
- baseurl: http://apt-mirror.front.sepia.ceph.com/lab-extras/8/
- gpgcheck: no
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int == 8
-
- - name: Install RPM requirements
- package:
- name: "{{ item }}"
- state: present
- with_items:
- - createrepo
- - epel-release
- - java-1.8.0-openjdk
- - git
- - libtool
- #- rpm-sign
- - autoconf
- - redhat-lsb-core
- - automake
- - cmake
- - binutils
- - bison
- - flex
- - gcc
- - gcc-c++
- - gettext
- - libtool
- - make
- - patch
- - pkgconfig
- - redhat-rpm-config
- - rpm-build
- - rpmdevtools
- - openssl-devel
- - libffi-devel
- - mock
- when: ansible_os_family == "RedHat"
-
- - name: Install requirements using zypper
- zypper:
- state: latest
- update_cache: yes
- name:
- - autoconf
- - automake
- - binutils
- - bison
- - cmake
- - ccache
- - createrepo
- - flex
- - gcc
- - gcc-c++
- - gettext-runtime
- - git
- - java-1_8_0-openjdk
- - jq
- - libffi-devel
- - libopenssl-devel
- - libtool
- - lsb-release
- - make
- - patch
- - pkg-config
- - python2-pip
- - python2-virtualenv
- - python3-pip
- - python3-virtualenv
- - rpm-build
- - rpmdevtools
- - tig
- - wget
- # obs requirements
- - osc
- - build
- when: ansible_pkg_mgr == "zypper"
-
-
- - name: install packages from epel (<=7)
- yum:
- name: "{{ item }}"
- state: present
- enablerepo: epel
- update_cache: yes
- with_items:
- - jq
- - python-pip
- - python-virtualenv
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int <= 7
-
- - name: install packages from epel (>=8)
- dnf:
- name: "{{ item }}"
- state: present
- enablerepo: epel
- update_cache: yes
- with_items:
- - jq
- - python3-pip
- - python3-virtualenv
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int >= 8
-
- # Run the equivalent of "apt-get update" as a separate step
- - apt:
- update_cache: yes
- when: ansible_pkg_mgr == "apt"
-
- - name: Install universal DEB requirements
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - git
- - fakeroot
- - fakeroot-ng
- - debhelper
- - reprepro
- - devscripts
- - pbuilder
- - pkg-config
- - libtool
- - autotools-dev
- - automake
- - libssl-dev
- - libffi-dev
- - debian-keyring
- - debian-archive-keyring
- # jenkins-job-builder job:
- - libyaml-dev
- - jq
- # ceph-docs job:
- - doxygen
- - ditaa
- - ant
- when: ansible_pkg_mgr == "apt"
-
- - name: Install DEB requirements (>=18.04)
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - schroot
- - python3-dev
- - python3-pip
- - python3-virtualenv
- when:
- - ansible_pkg_mgr == "apt"
- - ansible_distribution_major_version|int >= 18
-
- - name: Install DEB requirements (<=16.04)
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - dchroot
- - python-pip
- - python-dev
- - python-virtualenv
- when:
- - ansible_pkg_mgr == "apt"
- - ansible_distribution_major_version|int <= 16
-
- - name: Add the Debian Jessie Key
- apt_key:
- id: 2B90D010
- url: https://ftp-master.debian.org/keys/archive-key-8.asc
- keyring: /etc/apt/trusted.gpg
- state: present
- when: ansible_pkg_mgr == "apt"
-
- - name: Add the Debian Security Jessie Key
- apt_key:
- id: C857C906
- url: https://ftp-master.debian.org/keys/archive-key-8-security.asc
- keyring: /etc/apt/trusted.gpg
- state: present
- when: ansible_pkg_mgr == "apt"
-
- - name: Add the Debian Jessie Stable Key
- apt_key:
- keyserver: pgp.mit.edu
- id: 518E17E1
- when: ansible_pkg_mgr == "apt"
-
- - name: Add the Debian Buster Key
- apt_key:
- id: 3CBBABEE
- url: https://ftp-master.debian.org/keys/archive-key-10.asc
- keyring: /etc/apt/trusted.gpg
- state: present
- when: ansible_pkg_mgr == "apt"
-
- - name: Add the Debian Security Buster Key
- apt_key:
- id: CAA96DFA
- url: https://ftp-master.debian.org/keys/archive-key-10-security.asc
- keyring: /etc/apt/trusted.gpg
- state: present
- when: ansible_pkg_mgr == "apt"
-
- - name: Add the Debian Buster Stable Key
- apt_key:
- id: 77E11517
- url: https://ftp-master.debian.org/keys/release-10.asc
- keyring: /etc/apt/trusted.gpg
- state: present
- when: ansible_pkg_mgr == "apt"
-
- - name: Install openjdk-7-jre
- apt:
- name: openjdk-7-jre
- state: present
- when:
- ansible_distribution_release in ['precise', 'trusty', 'wheezy', 'jessie']
-
- - name: Install default openjdk for Xenial only
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - default-jdk
- - default-jre
- when:
- ansible_distribution_release == 'xenial'
-
- - name: correct java version selected
- alternatives:
- name: java
- path: /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
- when:
- (ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'precise') or
- (ansible_distribution == 'Debian' and ansible_distribution_release == 'wheezy')
-
- - name: "add {{ jenkins_user }} to mock group"
- user:
- name: "{{ jenkins_user }}"
- groups: mock
- append: yes
- when: ansible_os_family == "RedHat"
-
- - name: ensure the rpmmacros file exists to fix centos builds
- file:
- path: "/home/{{ jenkins_user }}/.rpmmacros"
- owner: "{{ jenkins_user }}"
- state: touch
-
- - name: write the rpmmacros needed in centos
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.rpmmacros"
- regexp: '^%dist'
- line: '%dist .el{{ ansible_distribution_major_version }}'
- when: ansible_pkg_mgr == "yum"
-
- - name: ensure the gitconfig file exists
- shell: printf "[user]\name=Ceph CI\nemail=ceph-release-team@redhat.com\n" > /home/{{ jenkins_user }}/.gitconfig
-
- - name: ensure the gitconfig file has right permissions
- file:
- path: "/home/{{ jenkins_user }}/.gitconfig"
- owner: "{{ jenkins_user }}"
-
- - name: Set Hostname with hostname command
- hostname:
- name: "ceph-builders"
- when: ansible_os_family != "Suse"
-
- # https://github.com/ansible/ansible/issues/42726
- - name: Set Hostname on OpenSUSE Leap
- command: 'hostname ceph-builders'
- when: ansible_os_family == "Suse"
-
- - name: ensure that 127.0.1.1 is present with an actual hostname
- lineinfile:
- backup: yes
- dest: /etc/hosts
- line: '127.0.1.1 ceph-builders'
-
- - name: update etc cloud templates for debian /etc/hosts
- lineinfile:
- backup: yes
- dest: /etc/cloud/templates/hosts.debian.tmpl
- line: '127.0.1.1 ceph-builders'
- when: ansible_os_family == "Debian"
-
- - name: update etc cloud templates for red hat /etc/hosts
- lineinfile:
- backup: yes
- dest: /etc/cloud/templates/hosts.redhat.tmpl
- line: '127.0.1.1 ceph-builders'
- failed_when: false
- when: ansible_os_family == "RedHat"
-
- - name: update etc cloud templates for suse /etc/hosts
- lineinfile:
- backup: yes
- dest: /etc/cloud/templates/hosts.suse.tmpl
- line: '127.0.1.1 ceph-builders'
- failed_when: false
- when: ansible_os_family == "Suse"
-
- - set_fact:
- pip_version: pip
- when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int <= 7) or
- ansible_os_family == "Debian" or
- ansible_os_family == "Suse"
-
- - set_fact:
- pip_version: pip3
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8
-
- - name: install six, latest one
- pip:
- name: six
- state: latest
- executable: "{{ pip_version }}"
- when: ansible_os_family != "Suse"
-
- - name: install python-jenkins
- # https://review.openstack.org/460363
- pip:
- name: python-jenkins
- version: 0.4.15
- executable: "{{ pip_version }}"
-
- - name: add github.com host key
- known_hosts:
- path: '/etc/ssh/ssh_known_hosts'
- # we need to use 'host' here because prado currently uses ansible-playbook==1.9.1
- host: 'github.com'
- # github.com.pub is the output of `ssh-keyscan github.com`
- key: "{{ lookup('file', 'playbook/files/ssh/hostkeys/github.com.pub') }}"
- tags: github
-
- # The jenkins_node library tries to use pip3 with python-jenkins but it's not compatible.
- - set_fact:
- ansible_python_interpreter: /usr/bin/python
- when:
- - ansible_os_family == "Debian"
-
- - name: register the new slave to jenkins master with ssh
- jenkins_node:
- username: "{{ api_user }}"
- uri: "{{ api_uri }}"
- password: "{{ token }}"
- # relies on a convention to set a unique name that allows a reverse
- # mapping from Jenkins back to whatever service created the current
- # node
- name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
- labels: "{{ labels }}"
- host: "{{ ansible_default_ipv4.address }}"
- credentialsId: "{{ jenkins_credentials_uuid }}"
- remoteFS: '/home/{{ jenkins_user }}/build'
- executors: '{{ executors|default(1) }}'
- exclusive: true
- when: not use_jnlp
- tags:
- - register_slave
-
- - name: register the new slave to jenkins master with jnlp
- jenkins_node:
- username: "{{ api_user }}"
- uri: "{{ api_uri }}"
- password: "{{ token }}"
- # relies on a convention to set a unique name that allows a reverse
- # mapping from Jenkins back to whatever service created the current
- # node
- name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
- labels: "{{ labels }}"
- host: "{{ ansible_default_ipv4.address }}"
- credentialsId: "{{ jenkins_credentials_uuid }}"
- launcher: 'hudson.slaves.JNLPLauncher'
- remoteFS: '/home/{{ jenkins_user }}/build'
- # XXX this should be configurable, not all nodes should have one executor
- executors: '{{ executors|default(1) }}'
- exclusive: true
- when: use_jnlp
- tags:
- - register_slave
+++ /dev/null
----
-
-- hosts: all
- become: true
- user: ubuntu
- vars:
- - jenkins_user: 'jenkins-build'
- # jenkins API credentials:
- - api_user: 'ceph-jenkins'
- - token: '{{ token }}'
- - api_uri: 'https://jenkins.ceph.com'
- - jenkins_credentials_uuid: 'jenkins-build'
- - nodename: '{{ nodename }}'
- - labels: '{{ labels }}'
- - use_jnlp: false
- - grant_sudo: true
-
- tasks:
- - name: uninstall resolvconf on Ubuntu to manually manage resolv.conf
- apt:
- name: resolvconf
- state: absent
- when: ansible_os_family == "Debian"
-
- - name: check for NetworkManager conf
- stat:
- path: /etc/NetworkManager/NetworkManager.conf
- register: nm_conf
-
- - name: tell NetworkManager to leave resolv.conf alone on CentOS
- lineinfile:
- dest: /etc/NetworkManager/NetworkManager.conf
- regexp: '^dns='
- line: 'dns=none'
- state: present
- when: ansible_os_family == "RedHat" and nm_conf.stat.exists
-
- - name: tell dhclient to leave resolv.conf alone on Ubuntu
- lineinfile:
- dest: /etc/dhcp/dhclient.conf
- regexp: 'prepend domain-name-servers'
- line: 'supersede domain-name-servers 8.8.8.8;'
- state: present
- when: ansible_os_family == "Debian"
-
- - name: use Google DNS for name resolution
- lineinfile:
- dest: /etc/resolv.conf
- regexp: '^nameserver'
- line: 'nameserver 8.8.8.8'
- state: present
-
- # vagrant doesn't have repositories, this chacra repo will be better to have
- # around and can get updates as soon as a new vagrant version is published via
- # chacractl
- - name: add the vagrant repository
- apt_repository:
- repo: "deb [trusted=yes] https://chacra.ceph.com/r/vagrant/latest/HEAD/ubuntu/xenial/flavors/default/ xenial main"
- state: present
- when: ansible_os_family == "Debian"
-
- - name: add the vagrant repository
- yum_repository:
- name: vagrant
- description: self-hosted vagrant repo
- baseurl: https://chacra.ceph.com/r/vagrant/latest/HEAD/centos/7/flavors/default/x86_64/
- enabled: yes
- gpgcheck: no
- when: ansible_os_family == "RedHat"
-
- - name: Install epel repo
- yum:
- name: epel-release
- state: latest
- when: ansible_os_family == "RedHat"
-
- # Run the equivalent of "apt-get update" as a separate step
- - apt:
- update_cache: yes
- when: ansible_pkg_mgr == "apt"
-
- - name: Install universal DEB requirements
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - git
- - libtool
- - libssl-dev
- - libffi-dev
- - debian-archive-keyring
- # jenkins-job-builder job:
- - libyaml-dev
- - qemu-kvm
- - libvirt-bin
- - libvirt-dev
- - vagrant
- when: ansible_pkg_mgr == "apt"
-
- - name: Install DEB requirements (>=18.04)
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - schroot
- - python3-dev
- - python3-pip
- - python3-virtualenv
- when:
- - ansible_pkg_mgr == "apt"
- - ansible_distribution_major_version|int >= 18
-
- - name: Install DEB requirements (<=16.04)
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - dchroot
- - python-pip
- - python-dev
- - python-virtualenv
- when:
- - ansible_pkg_mgr == "apt"
- - ansible_distribution_major_version|int <= 16
-
- - name: install requirements without epel
- yum:
- name: "{{ item }}"
- state: present
- disablerepo: epel
- update_cache: yes
- with_items:
- - git
- - gcc
- - libffi-devel
- - java-1.8.0-openjdk-devel
- - qemu-kvm
- - libvirt-devel
- - libguestfs
- - libvirt
- - libguestfs-tools
- - vagrant
- - wget
- - curl
- - openssl-devel
- - redhat-lsb-core
- - iproute
- - mock
- when: ansible_os_family == "RedHat"
-
- - name: install packages from epel (<=7)
- yum:
- name: "{{ item }}"
- state: present
- enablerepo: epel
- update_cache: yes
- with_items:
- - jq
- - python-pip
- - python-devel
- - python-virtualenv
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int <= 7
-
- - name: install packages from epel (>=8)
- dnf:
- name: "{{ item }}"
- state: present
- enablerepo: epel
- update_cache: yes
- with_items:
- - jq
- - python3-pip
- - python3-devel
- - python3-virtualenv
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int >= 8
-
- - set_fact:
- jenkins_group: 'libvirtd'
- when: ansible_distribution_version == '16.04'
-
- - set_fact:
- jenkins_group: 'libvirt'
- when: (ansible_distribution_version == '16.10') or
- (ansible_distribution_major_version|int >= 17) or
- (ansible_os_family == "RedHat")
-
- - name: "create a {{ jenkins_user }} user"
- user:
- name: "{{ jenkins_user }}"
- groups: "{{ jenkins_group }}"
- append: yes
- comment: "Jenkins Build Slave User"
-
- - name: "create a {{ jenkins_user }} home directory"
- file:
- path: "/home/{{ jenkins_user }}/"
- state: directory
- owner: "{{ jenkins_user }}"
-
- - name: "add {{ jenkins_user }} to mock group"
- user:
- name: "{{ jenkins_user }}"
- groups: mock
- append: yes
- when: ansible_os_family == "RedHat"
-
- - name: Create .ssh directory
- file:
- path: "/home/{{ jenkins_user }}/.ssh"
- state: directory
- owner: "{{ jenkins_user }}"
-
- - name: install the vagrant-libvirt plugin (non-RHEL8)
- shell: vagrant plugin install vagrant-libvirt
- become: yes
- become_user: "{{ jenkins_user }}"
- when: not (ansible_os_family == "RedHat" and ansible_distribution_major_version == "8")
-
- - name: install the vagrant-libvirt plugin (RHEL8)
- command: vagrant plugin install vagrant-libvirt
- environment:
- CONFIGURE_ARGS: 'with-libvirt-include=/usr/include/libvirt with-libvirt-lib=/usr/lib64'
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int >= 8
-
- - name: set the authorized keys
- authorized_key:
- user: "{{ jenkins_user }}"
- key: "{{ lookup('file', 'playbook/files/ssh/keys/jenkins_build.pub') }}"
-
- - name: "ensure {{ jenkins_user }} can sudo without a prompt"
- lineinfile:
- dest: /etc/sudoers
- regexp: '^{{ jenkins_user }} ALL'
- line: '{{ jenkins_user }} ALL=(ALL:ALL) NOPASSWD:ALL'
- validate: 'visudo -cf %s'
- when: grant_sudo
-
- - name: set utf-8 for LC_ALL
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LC_ALL='
- line: "export LC_ALL=en_US.UTF-8"
- create: true
- state: present
-
- - name: set utf-8 for LANG
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LANG='
- line: "export LANG=en_US.UTF-8"
-
- - name: set utf-8 for LANGUAGE
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LANGUAGE='
- line: "export LANGUAGE=en_US.UTF-8"
-
- - name: ensure the build dir exists
- file:
- path: "/home/{{ jenkins_user }}/build"
- state: directory
- owner: "{{ jenkins_user }}"
-
- - name: ensure the home dir has the right owner permissions
- file:
- path: "/home/{{ jenkins_user }}"
- state: directory
- owner: "{{ jenkins_user }}"
- group: "{{ jenkins_user }}"
- recurse: yes
-
- - name: Add the Debian Jessie Key
- apt_key:
- id: 2B90D010
- url: https://ftp-master.debian.org/keys/archive-key-8.asc
- keyring: /etc/apt/trusted.gpg
- state: present
- when: ansible_pkg_mgr == "apt"
-
- - name: Add the Debian Security Jessie Key
- apt_key:
- id: C857C906
- url: https://ftp-master.debian.org/keys/archive-key-8-security.asc
- keyring: /etc/apt/trusted.gpg
- state: present
- when: ansible_pkg_mgr == "apt"
-
- - name: Add the Debian Jessie Stable Release Key
- apt_key:
- keyserver: pgp.mit.edu
- id: 75DDC3C4A499F1A18CB5F3C8CBF8D6FD518E17E1
- state: present
- when: ansible_pkg_mgr == "apt"
-
- - name: Install openjdk-7-jre
- apt:
- name: openjdk-7-jre
- state: present
- when:
- ansible_distribution_release in ['precise', 'trusty', 'wheezy', 'jessie']
-
- - name: Install default openjdk for Xenial or Zesty
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - default-jdk
- - default-jre
- when:
- ansible_distribution_release in ['xenial', 'zesty']
-
- - name: correct java version selected
- alternatives:
- name: java
- path: /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
- when:
- (ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'precise') or
- (ansible_distribution == 'Debian' and ansible_distribution_release == 'wheezy')
-
- - name: ensure the gitconfig file exists
- shell: printf "[user]\name=Ceph CI\nemail=ceph-release-team@redhat.com\n" > /home/{{ jenkins_user }}/.gitconfig
-
- - name: ensure the gitconfig file has right permissions
- file:
- path: "/home/{{ jenkins_user }}/.gitconfig"
- owner: "{{ jenkins_user }}"
-
- - name: Set Hostname with hostname command
- hostname:
- name: "ceph-builders"
-
- - name: ensure that 127.0.1.1 is present with an actual hostname
- lineinfile:
- dest: /etc/hosts
- line: '127.0.1.1 ceph-builders'
-
- # we need to update the cloud templates because 'manage_etc_hosts' is
- # set to true on the image we use in OVH and some jobs will reboot
- # these nodes causing the /etc/hosts file to be replace with these
- # templates making jobs fail because the hostname is not resolvable
- # not all our images have this setting though, so ignore failures on
- # those nodes
- - name: update the etc cloud templates for debian /etc/hosts
- lineinfile:
- dest: /etc/cloud/templates/hosts.debian.tmpl
- line: '127.0.1.1 ceph-builders'
- failed_when: false
-
- - name: update the etc cloud templates for debian /etc/hosts
- lineinfile:
- dest: /etc/cloud/templates/hosts.redhat.tmpl
- line: '127.0.1.1 ceph-builders'
- failed_when: false
-
- - name: install six, latest one
- pip:
- name: six
- state: latest
-
- - name: install python-jenkins
- # https://review.openstack.org/460363
- pip:
- name: python-jenkins
- version: 0.4.15
-
- - name: add github.com host key
- known_hosts:
- path: '/etc/ssh/ssh_known_hosts'
- # we need to use 'host' here because prado currently uses ansible-playbook==1.9.1
- host: 'github.com'
- # github.com.pub is the output of `ssh-keyscan github.com`
- key: "{{ lookup('file', 'playbook/files/ssh/hostkeys/github.com.pub') }}"
-
- - name: "configure libvirt permissions for {{ jenkins_user }}"
- blockinfile:
- dest: /etc/libvirt/qemu.conf
- block: |
- user = "{{ jenkins_user }}"
- group = "{{ jenkins_user }}"
- when: ansible_os_family == "RedHat"
-
- - name: start DEB libvirt services
- service:
- name: "{{ item }}"
- state: restarted
- with_items:
- - libvirt-bin
- - libvirt-guests
- when: ansible_os_family == "Debian"
-
- - name: start RPM libvirt services
- service:
- name: "{{ item }}"
- state: restarted
- with_items:
- - libvirtd
- - libvirt-guests
- when: ansible_os_family == "RedHat"
-
- - name: register the new slave to jenkins master with ssh
- jenkins_node:
- username: "{{ api_user }}"
- uri: "{{ api_uri }}"
- password: "{{ token }}"
- # relies on a convention to set a unique name that allows a reverse
- # mapping from Jenkins back to whatever service created the current
- # node
- name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
- labels: "{{ labels }}"
- host: "{{ ansible_default_ipv4.address }}"
- credentialsId: "{{ jenkins_credentials_uuid }}"
- remoteFS: '/home/{{ jenkins_user }}/build'
- executors: '{{ executors|default(1) }}'
- exclusive: true
- when: not use_jnlp
-
- - name: register the new slave to jenkins master with jnlp
- jenkins_node:
- username: "{{ api_user }}"
- uri: "{{ api_uri }}"
- password: "{{ token }}"
- # relies on a convention to set a unique name that allows a reverse
- # mapping from Jenkins back to whatever service created the current
- # node
- name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
- labels: "{{ labels }}"
- host: "{{ ansible_default_ipv4.address }}"
- credentialsId: "{{ jenkins_credentials_uuid }}"
- launcher: 'hudson.slaves.JNLPLauncher'
- remoteFS: '/home/{{ jenkins_user }}/build'
- # XXX this should be configurable, not all nodes should have one executor
- executors: '{{ executors|default(1) }}'
- exclusive: true
- when: use_jnlp
+++ /dev/null
----
-# This playbook is used to configure static libvirt&&vagrant slaves.
-# Ubuntu >= 16.04, CentOS 7/8 are confirmed to work with this playbook.
-#
-# Example usage:
-# On a baremetal node already configured by the github.com/ceph/ceph-cm-ansible common role,
-# `cd ceph-build/ansible && cp examples/slave_libvirt_static.yml .` then:
-# ansible-playbook -M ./library/ slave_libvirt_static.yml --extra-vars '{"token": "XXXXX"}' --limit="yourslave*"
-
-- hosts: all
- become: true
- user: cm
- vars:
- - jenkins_user: 'jenkins-build'
- # jenkins API credentials:
- - api_user: 'ceph-jenkins'
- - jenkins_credentials_uuid: 'f58ac77b-240c-4371-9678-c31389c06728'
- - token: '{{ token }}'
- - api_uri: 'https://2.jenkins.ceph.com'
- - nodename: '{{ ansible_hostname }}'
- - labels: 'vagrant libvirt'
- - grant_sudo: true
-
- tasks:
-
- ### REPO TASKS ###
- - name: Check for custom repos
- shell: "ls -1 /etc/apt/sources.list.d"
- register: custom_repos
- when: ansible_os_family == "Debian"
-
- - name: Delete custom repos
- file:
- path: "/etc/apt/sources.list.d/{{ item }}"
- state: absent
- with_items: "{{ custom_repos.stdout_lines }}"
- when:
- - custom_repos|length > 0
- - custom_repos is defined
- - ansible_os_family == "Debian"
-
- - name: Update apt cache
- apt:
- update_cache: yes
- when: ansible_os_family == "Debian"
-
- # vagrant doesn't have repositories, this chacra repo will be better to have
- # around and can get updates as soon as a new vagrant version is published via
- # chacractl
- - name: add the vagrant repository
- apt_repository:
- repo: "deb [trusted=yes] https://chacra.ceph.com/r/vagrant/latest/HEAD/ubuntu/xenial/flavors/default/ xenial main"
- state: present
- when: ansible_os_family == "Debian"
-
- - name: add the vagrant repository
- yum_repository:
- name: vagrant
- description: self-hosted vagrant repo
- baseurl: https://chacra.ceph.com/r/vagrant/latest/HEAD/centos/7/flavors/default/x86_64/
- enabled: yes
- gpgcheck: no
- when: ansible_os_family == "RedHat"
-
- - name: disable epel
- lineinfile:
- path: "/etc/yum.repos.d/epel.repo"
- regexp: '^enabled=.*'
- line: 'enabled=0'
- when: ansible_os_family == "RedHat"
-
- ### PACKAGING TASKS ###
- - name: Update apt cache
- apt:
- update_cache: yes
- when: ansible_os_family == "Debian"
-
- - name: Install required packages
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - git
- - libtool
- - libssl-dev
- - libffi-dev
- - debian-archive-keyring
- - libyaml-dev
- - qemu-kvm
- - libvirt-bin
- - libvirt-dev
- - vagrant
- - default-jdk
- - default-jre
- when: ansible_os_family == "Debian"
-
- - name: Install DEB requirements (>=18.04)
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - schroot
- - python3-dev
- - python3-pip
- - python3-virtualenv
- when:
- - ansible_pkg_mgr == "apt"
- - ansible_distribution_major_version|int >= 18
-
- - name: Install DEB requirements (<=16.04)
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - dchroot
- - python-pip
- - python-dev
- - python-virtualenv
- when:
- - ansible_pkg_mgr == "apt"
- - ansible_distribution_major_version|int <= 16
-
- - name: install requirements without epel
- yum:
- name: "{{ item }}"
- state: present
- disablerepo: epel
- update_cache: yes
- with_items:
- - git
- - gcc
- - libffi-devel
- - java-1.8.0-openjdk-devel
- - qemu-kvm
- - libvirt-devel
- - libguestfs
- - libvirt
- - libguestfs-tools
- - vagrant
- - wget
- - curl
- - openssl-devel
- - redhat-lsb-core
- - mock
- when: ansible_os_family == "RedHat"
-
- - name: install packages from epel (<=7)
- yum:
- name: "{{ item }}"
- state: present
- enablerepo: epel
- update_cache: yes
- with_items:
- - jq
- - python-pip
- - python-devel
- - python-virtualenv
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int <= 7
-
- - name: install packages from epel (>=8)
- dnf:
- name: "{{ item }}"
- state: present
- enablerepo: epel
- update_cache: yes
- with_items:
- - jq
- - python3-pip
- - python3-devel
- - python3-virtualenv
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int >= 8
-
- ### COMMON TASKS ###
- - set_fact:
- jenkins_group: 'libvirtd'
- when: ansible_distribution_version == '16.04'
-
- - set_fact:
- jenkins_group: 'libvirt'
- when: (ansible_distribution_version == '16.10') or
- (ansible_distribution_major_version|int >= 17) or
- (ansible_os_family == "RedHat")
-
- - name: "create a {{ jenkins_user }} user"
- user:
- name: "{{ jenkins_user }}"
- groups: "{{ jenkins_group }}"
- append: yes
- comment: "Jenkins Build Slave User"
-
- - name: "create a {{ jenkins_user }} home directory"
- file:
- path: "/home/{{ jenkins_user }}/"
- state: directory
- owner: "{{ jenkins_user }}"
-
- - name: "add {{ jenkins_user }} to mock group"
- user:
- name: "{{ jenkins_user }}"
- groups: mock
- append: yes
- when: ansible_os_family == "RedHat"
-
- - name: Create .ssh directory
- file:
- path: "/home/{{ jenkins_user }}/.ssh"
- state: directory
- owner: "{{ jenkins_user }}"
-
- - name: install the vagrant-libvirt plugin (non-RHEL8)
- shell: vagrant plugin install vagrant-libvirt
- become: yes
- become_user: "{{ jenkins_user }}"
- when: not (ansible_os_family == "RedHat" and ansible_distribution_major_version == "8")
-
- - name: install the vagrant-libvirt plugin (RHEL8)
- command: vagrant plugin install vagrant-libvirt
- environment:
- CONFIGURE_ARGS: 'with-libvirt-include=/usr/include/libvirt with-libvirt-lib=/usr/lib64'
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int >= 8
-
- - name: set the authorized keys
- authorized_key:
- user: "{{ jenkins_user }}"
- key: "{{ lookup('file', 'files/ssh/keys/jenkins_build.pub') }}"
-
- - name: "ensure {{ jenkins_user }} can sudo without a prompt"
- lineinfile:
- dest: /etc/sudoers
- regexp: '^{{ jenkins_user }} ALL'
- line: '{{ jenkins_user }} ALL=(ALL:ALL) NOPASSWD:ALL'
- validate: 'visudo -cf %s'
- when: grant_sudo
-
- - name: set utf-8 for LC_ALL
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LC_ALL='
- line: "export LC_ALL=en_US.UTF-8"
- create: true
- state: present
-
- - name: set utf-8 for LANG
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LANG='
- line: "export LANG=en_US.UTF-8"
-
- - name: set utf-8 for LANGUAGE
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LANGUAGE='
- line: "export LANGUAGE=en_US.UTF-8"
-
- - name: ensure the build dir exists
- file:
- path: "/home/{{ jenkins_user }}/build"
- state: directory
- owner: "{{ jenkins_user }}"
-
- - name: ensure the home dir has the right owner permissions
- file:
- path: "/home/{{ jenkins_user }}"
- state: directory
- owner: "{{ jenkins_user }}"
- group: "{{ jenkins_user }}"
- recurse: yes
-
- # Makes sure only our block is in the file
- - name: remove gitconfig file
- file:
- path: "/home/{{ jenkins_user }}/.gitconfig"
- state: absent
-
- - name: ensure our gitconfig file exists
- blockinfile:
- dest: "/home/{{ jenkins_user }}/.gitconfig"
- create: yes
- owner: "{{ jenkins_user }}"
- group: "{{ jenkins_user }}"
- block: |
- [user]
- name=Ceph CI
- email=ceph-release-team@redhat.com
-
- - name: Set Hostname with hostname command
- hostname:
- name: "{{ ansible_hostname }}"
-
- - name: ensure that the current host is in /etc/hosts. Yes this is a thing.
- replace:
- backup: yes
- dest: /etc/hosts
- regexp: '^(127\.0\.1\.1(?!.*\b{{ ansible_hostname }}\b).*)$'
- replace: '\1 {{ ansible_hostname }}'
-
- - name: install six, latest one
- pip:
- name: six
- state: latest
-
- - name: install python-jenkins
- # https://review.openstack.org/460363
- pip:
- name: python-jenkins
- version: 0.4.15
-
- - name: add github.com host key
- known_hosts:
- path: '/etc/ssh/ssh_known_hosts'
- # we need to use 'host' here because prado currently uses ansible-playbook==1.9.1
- host: 'github.com'
- # github.com.pub is the output of `ssh-keyscan github.com`
- key: "{{ lookup('file', 'files/ssh/hostkeys/github.com.pub') }}"
-
- ### LIBVIRT TASKS ###
- - name: "configure libvirt permissions for {{ jenkins_user }}"
- blockinfile:
- dest: /etc/libvirt/qemu.conf
- block: |
- user = "{{ jenkins_user }}"
- group = "{{ jenkins_user }}"
- when: ansible_os_family == "RedHat"
-
- - name: start DEB libvirt services
- service:
- name: "{{ item }}"
- state: restarted
- with_items:
- - libvirt-bin
- - libvirt-guests
- when: ansible_os_family == "Debian"
-
- - name: start RPM libvirt services
- service:
- name: "{{ item }}"
- state: restarted
- with_items:
- - libvirtd
- - libvirt-guests
- when: ansible_os_family == "RedHat"
-
- ### JENKINS TASKS ###
- - name: register the new slave to jenkins master with jnlp
- jenkins_node:
- username: "{{ api_user }}"
- uri: "{{ api_uri }}"
- password: "{{ token }}"
- # relies on a convention to set a unique name that allows a reverse
- # mapping from Jenkins back to whatever service created the current
- # node
- name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
- labels: "{{ labels }}"
- host: "{{ ansible_default_ipv4.address }}"
- credentialsId: "{{ jenkins_credentials_uuid }}"
- launcher: 'hudson.slaves.JNLPLauncher'
- remoteFS: '/home/{{ jenkins_user }}/build'
- # XXX this should be configurable, not all nodes should have one executor
- executors: '{{ executors|default(1) }}'
- exclusive: true
-
- - name: Download slave.jar
- get_url:
- url: "{{ api_uri }}/jnlpJars/slave.jar"
- dest: "/home/{{ jenkins_user }}/slave.jar"
- force: yes
-
- - name: install the systemd unit file for jenkins
- template:
- src: "templates/systemd/jenkins.service.j2"
- dest: "/etc/systemd/system/jenkins.service"
-
- - name: reload systemd unit files (to pick up potential changes)
- systemd:
- daemon_reload: yes
-
- - name: start jenkins service
- service:
- name: jenkins
- state: started
- enabled: yes
+++ /dev/null
----
-# This playbook is used to configure static jenkins slaves. It uses
-# a hosts file so that nodename can be set per host.
-#
-# install python2.7 on Ubuntu
-- hosts: all
- become: yes
-# this will most likely need changed
- user: admin
- gather_facts: false
- tasks:
- - name: install python-simplejson
- raw: sudo apt-get -y install python-simplejson
- # so that this is ignored on rpm nodes
- failed_when: false
-
-- hosts: all
- become: true
-# this will most likely need changed
- user: admin
- vars:
- - jenkins_user: 'jenkins-build'
- # jenkins API credentials:
- - api_user: 'ceph-jenkins'
- - token: '{{ token }}'
- - api_uri: 'https://jenkins.ceph.com'
- # this is also set in the example/hosts-static file
- - nodename: '{{ ansible_hostname }}'
- - labels: '{{ labels }}'
- - use_jnlp: true
- - grant_sudo: true
- - osc_user: 'username'
- - osc_pass: 'password'
-
- tasks:
- - name: create a {{ jenkins_user }} user
- user: name={{ jenkins_user }} comment="Jenkins Build Slave User"
-
- - name: create a {{ jenkins_user }} home directory
- file:
- path: "/home/{{ jenkins_user }}/"
- state: directory
- owner: "{{ jenkins_user }}"
-
- - name: Create .ssh directory
- file:
- path: "/home/{{ jenkins_user }}/.ssh"
- state: directory
- owner: "{{ jenkins_user }}"
-
- - name: set the authorized keys
- authorized_key: user={{ jenkins_user }} key="{{ lookup('file', 'files/ssh/keys/jenkins_build.pub') }}"
-
- - name: ensure {{ jenkins_user }} can sudo without a prompt
- become: yes
- lineinfile:
- dest: /etc/sudoers
- regexp: '^{{ jenkins_user }} ALL'
- line: '{{ jenkins_user }} ALL=(ALL:ALL) NOPASSWD:ALL'
- validate: 'visudo -cf %s'
- when: grant_sudo
-
- - name: set utf-8 for LC_ALL
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LC_ALL='
- line: "export LC_ALL=en_US.UTF-8"
- create: true
- state: present
-
- - name: set utf-8 for LANG
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LANG='
- line: "export LANG=en_US.UTF-8"
-
- - name: set utf-8 for LANGUAGE
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LANGUAGE='
- line: "export LANGUAGE=en_US.UTF-8"
-
- - name: ensure the build dir exists
- file: path=/home/{{ jenkins_user }}/build state=directory owner={{ jenkins_user }}
-
- - name: Create .config/osc directory
- file:
- path: "/home/{{ jenkins_user }}/.config/osc"
- state: directory
- owner: "{{ jenkins_user }}"
- when: ansible_pkg_mgr == "zypper"
-
- - name: Add oscrc file
- blockinfile:
- create: yes
- block: |
- [general]
- apiurl = https://api.opensuse.org
- #build-root = /var/tmp/build-root/%(repo)s-%{arch)s
-
- [https://api.opensuse.org]
- user = {{ osc_user }}
- pass = {{ osc_pass }}
-
- path: "/home/{{ jenkins_user }}/.config/osc/oscrc"
- become_user: "{{ jenkins_user }}"
- when: ansible_pkg_mgr == "zypper"
-
- - name: ensure the home dir has the right owner permissions
- file: path=/home/{{ jenkins_user }} state=directory owner={{ jenkins_user }} group={{ jenkins_user }} recurse=yes follow=no
-
- # smithi nodes do not have epel repos
- - name: install an yum epel repo
- become: yes
- template:
- src: "templates/yum-repos/epel.repo"
- dest: "/etc/yum.repos.d/epel.repo"
- owner: root
- group: root
- mode: 0644
- when: ansible_pkg_mgr == "yum"
-
- # This repo has EL8 packages that Ceph depends on. These packages are not available in AppStream, BaseOS, or EPEL8 yet so we build and manage them.
- - name: Enable EL8 copr repo
- command: "dnf -y copr enable ktdreyer/ceph-el8"
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int == 8
-
- # This repo contains packages that were built from Fedora SRPMs. Same thing here -- not in EPEL yet.
- - name: Enable EL8 lab-extras
- yum_repository:
- name: lab-extras
- description: Ceph Lab extra packages
- baseurl: http://apt-mirror.front.sepia.ceph.com/lab-extras/8/
- gpgcheck: no
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int == 8
-
- - name: Install RPM requirements (All distro versions)
- become: yes
- package:
- name: "{{ item }}"
- state: present
- update_cache: yes
- with_items:
- - createrepo
- - epel-release
- - java-1.8.0-openjdk
- - git
- - libtool
- #- rpm-sign
- - autoconf
- - redhat-lsb-core
- - automake
- - cmake
- - binutils
- - bison
- - flex
- - gcc
- - gcc-c++
- - gettext
- - libtool
- - make
- - patch
- - pkgconfig
- - redhat-rpm-config
- - rpm-build
- - rpmdevtools
- - openssl-devel
- - libffi-devel
- - mock
- when:
- - ansible_os_family == "RedHat"
-
- - name: Install RPM requirements (<=7)
- become: yes
- package:
- name: "{{ item }}"
- state: present
- update_cache: yes
- with_items:
- - python-pip
- - python-virtualenv
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int <= 7
-
- - name: Install RPM requirements (>=8)
- become: yes
- package:
- name: "{{ item }}"
- state: present
- update_cache: yes
- with_items:
- - python3-pip
- - python3-virtualenv
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int >= 8
-
- - name: install packages from epel
- package:
- name: jq
- state: present
- enablerepo: epel
- update_cache: yes
- when: ansible_os_family == "RedHat"
-
- # Run the equivalent of "apt-get update" as a separate step
- - apt: update_cache=yes
- when: ansible_pkg_mgr == "apt"
-
- - name: Install universal DEB requirements
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - git
- - fakeroot
- - fakeroot-ng
- - debhelper
- - reprepro
- - devscripts
- - pbuilder
- - pkg-config
- - libtool
- - libssl-dev
- - libffi-dev
- - autotools-dev
- - automake
- - cmake
- - debian-keyring
- - debian-archive-keyring
- # jenkins-job-builder job:
- - libyaml-dev
- - jq
- # ceph-docs job:
- - doxygen
- - ditaa
- - ant
- - curl
- when: ansible_pkg_mgr == "apt"
-
- - name: Install DEB requirements (>=18.04)
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - schroot
- - python3-dev
- - python3-pip
- - python3-virtualenv
- when:
- - ansible_pkg_mgr == "apt"
- - ansible_distribution_major_version|int >= 18
-
- - name: Install DEB requirements (<=16.04)
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - dchroot
- - python-pip
- - python-dev
- - python-virtualenv
- when:
- - ansible_pkg_mgr == "apt"
- - ansible_distribution_major_version|int <= 16
-
- - name: Add the Debian Jessie Key
- become: yes
- when: ansible_pkg_mgr == "apt"
- apt_key: id=2B90D010 url=https://ftp-master.debian.org/keys/archive-key-8.asc keyring=/etc/apt/trusted.gpg state=present
-
- - name: Add the Debian Security Jessie Key
- become: yes
- when: ansible_pkg_mgr == "apt"
- apt_key: id=C857C906 url=https://ftp-master.debian.org/keys/archive-key-8-security.asc keyring=/etc/apt/trusted.gpg state=present
-
- - name: Add the Debian Jessie Stable Key
- become: yes
- when: ansible_pkg_mgr == "apt"
- apt_key: id=518E17E1 url=http://download.ceph.com/keys/jessie-stable-release.asc keyring=/etc/apt/trusted.gpg state=present
-
- - name: Add the Debian Buster Key
- apt_key:
- id: 3CBBABEE
- url: https://ftp-master.debian.org/keys/archive-key-10.asc
- keyring: /etc/apt/trusted.gpg
- state: present
- when: ansible_pkg_mgr == "apt"
-
- - name: Add the Debian Security Buster Key
- apt_key:
- id: CAA96DFA
- url: https://ftp-master.debian.org/keys/archive-key-10-security.asc
- keyring: /etc/apt/trusted.gpg
- state: present
- when: ansible_pkg_mgr == "apt"
-
- - name: Add the Debian Buster Stable Key
- apt_key:
- id: 77E11517
- url: https://ftp-master.debian.org/keys/release-10.asc
- keyring: /etc/apt/trusted.gpg
- state: present
- when: ansible_pkg_mgr == "apt"
-
- - name: Install openjdk-7-jre
- apt: name=openjdk-7-jre state=present
- when:
- ansible_distribution_release in ['precise', 'trusty', 'wheezy', 'jessie']
-
- - name: Install default openjdk for Xenial only
- apt: name={{ item }} state=present
- with_items:
- - default-jdk
- - default-jre
- when:
- ansible_distribution_release == 'xenial'
-
- - name: correct java version selected
- alternatives: name=java path=/usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
- when:
- (ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'precise') or
- (ansible_distribution == 'Debian' and ansible_distribution_release == 'wheezy')
-
- - name: "add {{ jenkins_user }} to mock group"
- user:
- name: "{{ jenkins_user }}"
- groups: mock
- append: yes
- when: ansible_os_family == "RedHat"
-
- - name: ensure the rpmmacros file exists to fix centos builds
- file: path="/home/{{ jenkins_user }}/.rpmmacros" owner="{{ jenkins_user }}" state=touch
-
- - name: write the rpmmacros needed in centos
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.rpmmacros"
- regexp: '^%dist'
- line: '%dist .el{{ ansible_distribution_major_version }}'
- when: ansible_pkg_mgr == "yum"
-
- - name: ensure the gitconfig file exists
- shell: printf "[user]\name=Ceph CI\nemail=ceph-release-team@redhat.com\n" > /home/{{ jenkins_user }}/.gitconfig
-
- - name: ensure the gitconfig file has right permissions
- file:
- path: "/home/{{ jenkins_user }}/.gitconfig"
- owner: "{{ jenkins_user }}"
-
- - name: Set Hostname with hostname command
- become: yes
- hostname:
- name: "{{ ansible_hostname }}"
- when: ansible_os_family != "Suse"
-
- # https://github.com/ansible/ansible/issues/42726
- - name: Set Hostname on OpenSUSE Leap
- command: 'hostname ceph-builders'
- when: ansible_os_family == "Suse"
-
- - name: ensure that the current host is in /etc/hosts. Yes this is a thing.
- become: true
- replace:
- backup: yes
- dest: /etc/hosts
- regexp: '^(127\.0\.1\.1(?!.*\b{{ ansible_hostname }}\b).*)$'
- replace: '\1 {{ ansible_hostname }}'
-
- - name: ensure that 127.0.1.1 is present with an actual hostname
- become: true
- lineinfile:
- dest: /etc/hosts
- regexp: '^(127\.0\.1\.1(?!.*\b{{ ansible_hostname }}\b).*)$'
- line: '127.0.1.1 {{ ansible_hostname }}'
-
- - set_fact:
- pip_version: pip
- when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int <= 7) or
- ansible_os_family == "Debian" or
- ansible_os_family == "Suse"
-
- - set_fact:
- pip_version: pip3
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8
-
- - name: install six, latest one
- become: true
- pip:
- name: six
- state: latest
- executable: "{{ pip_version }}"
-
- - name: install python-jenkins
- become: true
- # https://review.openstack.org/460363
- pip:
- name: python-jenkins
- version: 0.4.15
- executable: "{{ pip_version }}"
-
- - name: add github.com host key
- become: true
- known_hosts:
- path: '/etc/ssh/ssh_known_hosts'
- # we need to use 'host' here because prado currently uses ansible-playbook==1.9.1
- host: 'github.com'
- # github.com.pub is the output of `ssh-keyscan github.com`
- key: "{{ lookup('file', 'files/ssh/hostkeys/github.com.pub') }}"
-
- # The jenkins_node library tries to use pip3 with python-jenkins but it's not compatible.
- - set_fact:
- ansible_python_interpreter: /usr/bin/python
- when:
- - ansible_os_family == "Debian"
-
- - name: register the new slave to jenkins master with ssh
- jenkins_node:
- username: "{{ api_user }}"
- uri: "{{ api_uri }}"
- password: "{{ token }}"
- # relies on a convention to set a unique name that allows a reverse
- # mapping from Jenkins back to whatever service created the current
- # node
- name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
- labels: "{{ labels }}"
- host: "{{ ansible_default_ipv4.address }}"
- credentialsId: 'jenkins-build'
- remoteFS: '/home/{{ jenkins_user }}/build'
- executors: '{{ executors|default(1) }}'
- exclusive: true
- when: not use_jnlp
-
- - name: register the new slave to jenkins master with jnlp
- jenkins_node:
- username: "{{ api_user }}"
- uri: "{{ api_uri }}"
- password: "{{ token }}"
- # relies on a convention to set a unique name that allows a reverse
- # mapping from Jenkins back to whatever service created the current
- # node
- name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
- labels: "{{ labels }}"
- host: "{{ ansible_default_ipv4.address }}"
- credentialsId: 'jenkins-build'
- launcher: 'hudson.slaves.JNLPLauncher'
- remoteFS: '/home/{{ jenkins_user }}/build'
- # XXX this should be configurable, not all nodes should have one executor
- executors: '{{ executors|default(1) }}'
- exclusive: true
- when: use_jnlp
-
- - name: Download slave.jar
- get_url:
- url: "{{ api_uri }}/jnlpJars/slave.jar"
- dest: "/home/{{ jenkins_user }}/slave.jar"
- force: yes
- when: use_jnlp
-
- - name: install the systemd unit file for jenkins
- template:
- src: "templates/systemd/jenkins.service.j2"
- dest: "/etc/systemd/system/jenkins.service"
- become: true
- when: use_jnlp
-
- - name: reload systemd unit files (to pick up potential changes)
- systemd:
- daemon_reload: yes
-
- - name: start jenkins service
- service:
- name: jenkins
- state: started
- enabled: yes
- become: yes
- when: use_jnlp
+++ /dev/null
-examples/slave.yml
\ No newline at end of file
+++ /dev/null
-examples/slave_libvirt.yml
\ No newline at end of file
projects / ceph-build.git / commitdiff