+++ /dev/null
----
-
-- hosts: all
- user: vagrant
- roles:
- - grafana
- - nginx
- vars:
- fqdn: "grafana.local"
- app_name: "grafana"
- development_server: true
- # only needed when enabling Github Auth
- # github_client_id: "111aaa222"
- # github_client_secret: "qwerty1234"
+++ /dev/null
----
-
-- hosts: all
- user: vagrant
- roles:
- - graphite
- vars:
- fqdn: "graphite.local"
- app_name: "graphite"
- development_server: true
- graphite_api_key: "secret"
--- /dev/null
+---
+
+- hosts: all
+ user: vagrant
+ roles:
+ - grafana
+ - nginx
+ vars:
+ fqdn: "grafana.local"
+ app_name: "grafana"
+ development_server: true
+ # only needed when enabling Github Auth
+ # github_client_id: "111aaa222"
+ # github_client_secret: "qwerty1234"
--- /dev/null
+---
+
+- hosts: all
+ user: vagrant
+ roles:
+ - graphite
+ vars:
+ fqdn: "graphite.local"
+ app_name: "graphite"
+ development_server: true
+ graphite_api_key: "secret"
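Review bot: `graphite_api_key: "secret"` is a literal placeholder with nothing marking it as development-only, unlike the Github settings in the sibling grafana playbook, which are commented out. A comment above it would stop the value being copied into a non-Vagrant inventory: `# dev-only placeholder for the Vagrant box; supply a real key from a vaulted vars file elsewhere`. How the graphite role consumes the key is not visible in this diff.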
--- /dev/null
+---
+# Public-facing machines get the port changed to prevent a bit of abuse on the
+# standard one. There are some caveats to this approach, since we are changing
+# the default port we now need to instruct everything else to use the alternate
+# one. This should be run against newly brought up hosts when they are going to
+# be publicly accessible.
+
+- hosts: all
+ user: admin
+ sudo: true
+ tasks:
+
+ - name: uncomment SSH port
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^#Port '
+ line: 'Port 2222'
+ backrefs: yes
+
+ - name: change default port from 22 if set
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^Port '
+ line: 'Port 2222'
+ backrefs: yes
+
+ # this requires the firewalld module that
+ # I couldn't get to work. It exists in the extras modules
+ #- name: enable the port in the firewall
+ # firewalld:
+ # port: 2222/tcp
+ # permanent: true
+ # state: enabled
+
+ # this is far from ideal, we ignore errors because we can't
+ # condition this if the port was already opened
+ - name: tell selinux that ssh uses a new port
+ command: semanage port -a -t ssh_port_t -p tcp 2222
+ ignore_errors: yes
+
+ # The CentOS Wiki says this should be run but I couldn't find
+ # a firewall-cmd in the remote CentOS 7 box
+ #- name: configure firewall to add new port
+ # command: firewall-cmd --add-port 2222/tcp --permanent
+
+ # Example action to start service httpd, if not running
+ - name: restart ssh
+ service: name=ssh state=restarted
+ when: ansible_pkg_mgr == "apt"
+
+ - name: restart sshd
+ service: name=sshd state=restarted
+ when: ansible_pkg_mgr == "yum"
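Review bot: The `tell selinux that ssh uses a new port` task sets `ignore_errors: yes`, so every semanage failure is swallowed, not just the "port already opened" case its comment describes, and the play still restarts sshd on 2222. On an enforcing host where the label was not added, sshd may fail to bind and the admin session is the last way in. Scope the task and fail on anything unexpected: `when: ansible_pkg_mgr == "yum"`, `register: semanage_result`, `failed_when: semanage_result.rc != 0 and 'already defined' not in semanage_result.stderr` (confirm the exact message on the target release). Both `lineinfile` tasks could also carry `validate: 'sshd -t -f %s'` so a broken config never reaches the restart. The `# Example action to start service httpd` comment above `restart ssh` is stale and should describe the sshd restart instead.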
--- /dev/null
+---
+
+- hosts: jenkins
+ user: admin
+ sudo: true
+ roles:
+ - ansible-jenkins
+ vars:
+ - nginx_processor_count: 20
+ - nginx_connections: 2048
+ - ansible_ssh_port: 2222
+ - plugins:
+ - 'github'
+ - 'translation'
+ - 'preSCMbuildstep'
+ - 'copyartifact'
+ - 'ssh-slaves'
+ - 'scm-api'
+ - 'multiple-scms'
+ - 'rebuild'
+ - 'publish-over-ssh'
+ - 'nested-view'
+ - 'jenkins-multijob-plugin'
+ - 'dynamic-axis'
+ - 'ghprb'
+ - 'github'
+ - 'github-api'
+ - 'git'
+ - 'git-client'
+ - 'envinject'
+ - 'credentials'
+ - 'copyartifact'
+ - 'github-oauth'
+ - 'mask-passwords'
+ - 'description-setter'
+ - 'postbuildscript'
+ - 'jobConfigHistory'
+
+ - port: 8080
+ - prefix: '/build'
+ - xmx: 8192
+ # Email support
+ #- email:
+ # smtp_host: 'mail.example.com'
+ # smtp_ssl: 'true'
+ # default_email_suffix: '@example.com'
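Review bot: The `plugins` list names `'github'` and `'copyartifact'` twice each, which makes it harder to audit what is actually installed on the Jenkins master. Deduplicate and sort the list so a later addition or removal shows up as a one-line diff. None of the entries carries a version, so the role presumably installs whatever is current at run time. If the `ansible-jenkins` role supports pinning, a comment saying so (or the pins themselves) would make plugin upgrades a deliberate change.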
--- /dev/null
+---
+
+- hosts: localhost
+ vars:
+ # should be passed in the CLI like `--extra-vars "version=1.23.45 branch=master"`
+ version: 0-dev # e.g. 0.78
+ branch: master # any existing branch on Github
+ release: stable # stable, development, or rc are valid options
+ tag_name: "v{{ version}}"
+ project: "ceph"
+ clean: true # if re-doing a deployment this deletes the remote branch in Jenkin's git repo
+ force_dch: false # if coming from a rc and wanting to release a stable you need to force dch
+ debemail: adeza@redhat.com
+ debfullname: "Alfredo Deza"
+ roles:
+ - { role: ceph-release, when: "project == 'ceph'" }
+ - { role: ceph-deploy-release, when: "project == 'ceph-deploy'" }
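Review bot: The defaults in `vars` let a run without `--extra-vars` act on real state: `version: 0-dev` produces the tag `v0-dev`, and `clean: true` is, per its own comment, the setting that deletes the remote branch. Consider defaulting to `clean: false` and dropping the `version` default in favour of `tag_name: "v{{ version|mandatory }}"`, so a forgotten argument stops the play instead of releasing. The roles are not part of this diff, so how `clean` and `version` are consumed is inferred from the comments.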
--- /dev/null
+# This playbook requires that you install the roles defined
+# in ./requirements/sensu-requirements.yml. Do this by running:
+#
+# ansible-galaxy install -r requirements/sensu-requirements.yml
+#
+- hosts: sensu-server
+ sudo: true
+ vars_files:
+ - vars/sensu-vars.yml
+ roles:
+ - role: Mayeu.RabbitMQ
+ rabbitmq_vhost_definitions:
+ - name: "/sensu"
+ rabbitmq_users_definitions:
+ - vhost: "/sensu"
+ user: sensu
+ password: secret
+ configure_priv: ".*"
+ read_priv: ".*"
+ write_priv: ".*"
+ rabbitmq_ssl: false
+ - redis
+ - role: Mayeu.sensu
+ sensu_server_rabbitmq_port: 5672
+ sensu_server_api_password: secret
+ sensu_server_rabbitmq_password: secret
+ sensu_server_dashboard_password: secret
+ sensu_client_subscription_names:
+ - common
+ - rabbitmq
+ # these are custom settings for this client
+ sensu_settings:
+ # used in the rabbitmq-alive check
+ rabbitmq:
+ user: sensu
+ password: secret
+ # we need to escape the / in /sensu
+ vhost: "%2Fsensu"
+
+- hosts: sensu-clients
+ sudo: true
+ vars_files:
+ - vars/sensu-vars.yml
+ roles:
+ - role: Mayeu.sensu
+ sensu_server_rabbitmq_hostname: "{{ rabbitmq_client_address|mandatory }}"
+ sensu_server_rabbitmq_port: 5672
+ sensu_server_rabbitmq_password: secret
+ sensu_install_server: false
+ sensu_install_uchiwa: false
+ # sensu_client_subscription_names need to be defined in a hosts_var file
+ # relative to your inventory
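Review bot: Every credential in both plays is the literal `secret` (`password`, `sensu_server_api_password`, `sensu_server_rabbitmq_password`, `sensu_server_dashboard_password`). They are passed as role parameters, which in current Ansible precedence override `vars/sensu-vars.yml`, so a real value placed in that file would not take effect. Reference variables instead, for example `sensu_server_rabbitmq_password: "{{ sensu_rabbitmq_password|mandatory }}"` (variable name illustrative), and keep the values in a vault-encrypted vars file. With `rabbitmq_ssl: false` and port 5672, the client-to-broker password presumably crosses the network unencrypted. A comment should state which network this is considered acceptable on.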
--- /dev/null
+---
+
+- hosts: all
+ sudo: true
+ user: ubuntu
+ vars:
+ - jenkins_user: 'jenkins-build'
+ # jenkins API credentials:
+ - api_user: 'ceph-jenkins'
+ - token: '{{ token }}'
+ - api_uri: 'https://jenkins.ceph.com'
+ - nodename: '{{ nodename }}'
+ - labels: '{{ labels }}'
+
+ tasks:
+ - name: create a {{ jenkins_user }} user
+ user: name={{ jenkins_user }} comment="Jenkins Build Slave User"
+
+ - name: Create .ssh directory
+ file: path=/home/{{ jenkins_user }}/.ssh
+ state=directory
+
+ - name: set the authorized keys
+ authorized_key: user={{ jenkins_user }} key="{{ lookup('file', 'playbook/files/ssh/keys/jenkins_build.pub') }}"
+
+ - name: ensure {{ jenkins_user }} can sudo without a prompt
+ sudo: yes
+ lineinfile:
+ dest: /etc/sudoers
+ regexp: '^{{ jenkins_user }} ALL'
+ line: '{{ jenkins_user }} ALL=(ALL:ALL) NOPASSWD:ALL'
+ validate: 'visudo -cf %s'
+
+ - name: ensure the build dir exists
+ file: path=/home/{{ jenkins_user }}/build state=directory owner={{ jenkins_user }}
+
+ - name: ensure the home dir has the right owner permissions
+ file: path=/home/{{ jenkins_user }} state=directory owner={{ jenkins_user }} group={{ jenkins_user }} recurse=yes
+
+ - name: Install RPM requirements
+ sudo: yes
+ yum: name={{ item }} state=present
+ with_items:
+ - createrepo
+ - epel-release
+ - java-1.7.0-openjdk
+ - git
+ - python-pip
+ - python-virtualenv
+ - libtool
+ #- rpm-sign
+ - autoconf
+ - redhat-lsb-core
+ - automake
+ - binutils
+ - bison
+ - flex
+ - gcc
+ - gcc-c++
+ - gettext
+ - libtool
+ - make
+ - patch
+ - pkgconfig
+ - redhat-rpm-config
+ - rpm-build
+ - rpmdevtools
+ - openssl-devel
+ - libffi-devel
+ when: ansible_pkg_mgr == "yum"
+
+ # Run the equivalent of "apt-get update" as a separate step
+ - apt: update_cache=yes
+ when: ansible_pkg_mgr == "apt"
+
+ - name: Install DEB requirements
+ sudo: yes
+ apt: name={{ item }} state=present
+ with_items:
+ - git
+ - fakeroot
+ - fakeroot-ng
+ - debhelper
+ - reprepro
+ - dchroot
+ - devscripts
+ - pbuilder
+ - pkg-config
+ - python-dev
+ - python-pip
+ - python-virtualenv
+ - libtool
+ - autotools-dev
+ - automake
+ - debian-archive-keyring
+ # jenkins-job-builder job:
+ - libyaml-dev
+ # ceph-docs job:
+ - doxygen
+ - ditaa
+ - ant
+ when: ansible_pkg_mgr == "apt"
+
+ - name: Add the Debian Jessie Key
+ sudo: yes
+ when: ansible_pkg_mgr == "apt"
+ apt_key: id=2B90D010 url=https://ftp-master.debian.org/keys/archive-key-8.asc keyring=/etc/apt/trusted.gpg.d/jessie.gpg state=present
+
+ - name: Install openjdk-7-jre
+ apt: name=openjdk-7-jre state=present
+ when:
+ ansible_distribution_release in ['precise', 'trusty', 'wheezy', 'jessie']
+
+ - name: Install default openjdk for Xenial only
+ apt: name={{ item }} state=present
+ with_items:
+ - default-jdk
+ - default-jre
+ when:
+ ansible_distribution_release == 'xenial'
+
+ - name: correct java version selected
+ alternatives: name=java path=/usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
+ when:
+ (ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'precise') or
+ (ansible_distribution == 'Debian' and ansible_distribution_release == 'wheezy')
+
+ - name: ensure the rpmmacros file exists to fix centos builds
+ file: path="/home/{{ jenkins_user }}/.rpmmacros" owner="{{ jenkins_user }}" state=touch
+
+ - name: write the rpmmacros needed in centos
+ lineinfile:
+ dest: "/home/{{ jenkins_user }}/.rpmmacros"
+ regexp: '^%dist'
+ line: '%dist .el{{ ansible_distribution_major_version }}'
+ when: ansible_pkg_mgr == "yum"
+
+ - name: ensure that the current host is in /etc/hosts. Yes this is a thing.
+ sudo: true
+ replace:
+ backup: yes
+ dest: /etc/hosts
+ regexp: '^(127\.0\.1\.1(?!.*\b{{ ansible_hostname }}\b).*)$'
+ replace: '\1 {{ ansible_hostname }}'
+
+ - name: install six, latest one
+ sudo: true
+ pip: name=six state=latest
+
+ - name: install python-jenkins
+ sudo: true
+ # https://bugs.launchpad.net/python-jenkins/+bug/1500898
+ pip: name=python-jenkins version=0.4.7
+
+ - name: add github.com host key
+ sudo: true
+ known_hosts:
+ path: '/etc/ssh/ssh_known_hosts'
+ # we need to use 'host' here because prado currently uses ansible-playbook==1.9.1
+ host: 'github.com'
+ # github.com.pub is the output of `ssh-keyscan github.com`
+ key: "{{ lookup('file', 'playbook/files/ssh/hostkeys/github.com.pub') }}"
+
+ - name: register the new slave to jenkins master
+ jenkins-node:
+ username: "{{ api_user }}"
+ uri: "{{ api_uri }}"
+ password: "{{ token }}"
+ # relies on a convention to set a unique name that allows a reverse
+ # mapping from Jenkins back to whatever service created the current
+ # node
+ name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
+ labels: "{{ labels }}"
+ host: "{{ ansible_default_ipv4.address }}"
+ credentialsId: '39fa150b-b2a1-416e-b334-29a9a2c0b32d'
+ remoteFS: '/home/{{ jenkins_user }}/build'
+ # XXX this should be configurable, not all nodes should have one executor
+ executors: 1
+ exclusive: true
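Review bot: The `ensure {{ jenkins_user }} can sudo without a prompt` task writes `{{ jenkins_user }} ALL=(ALL:ALL) NOPASSWD:ALL` into `/etc/sudoers`, so any job scheduled on this node runs with unrestricted root. If the builds only need specific tools, list them in the rule and write it to a drop-in, e.g. `dest: /etc/sudoers.d/{{ jenkins_user }}` with `create: yes`. If full root is intentional, add a comment saying why and that the nodes are disposable. The `register the new slave to jenkins master` task passes `password: "{{ token }}"` without `no_log: true`, so the API token can appear in verbose or callback output. `apt_key: id=2B90D010` uses a short 32-bit key id, which is collision-prone; the full fingerprint (`<FULL_FINGERPRINT>`) is safer there.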
+++ /dev/null
----
-# Public-facing machines get the port changed to prevent a bit of abuse on the
-# standard one. There are some caveats to this approach, since we are changing
-# the default port we now need to instruct everything else to use the alternate
-# one. This should be run against newly brought up hosts when they are going to
-# be publicly accessible.
-
-- hosts: all
- user: admin
- sudo: true
- tasks:
-
- - name: uncomment SSH port
- lineinfile:
- dest: /etc/ssh/sshd_config
- regexp: '^#Port '
- line: 'Port 2222'
- backrefs: yes
-
- - name: change default port from 22 if set
- lineinfile:
- dest: /etc/ssh/sshd_config
- regexp: '^Port '
- line: 'Port 2222'
- backrefs: yes
-
- # this requires the firewalld module that
- # I couldn't get to work. It exists in the extras modules
- #- name: enable the port in the firewall
- # firewalld:
- # port: 2222/tcp
- # permanent: true
- # state: enabled
-
- # this is far from ideal, we ignore errors because we can't
- # condition this if the port was already opened
- - name: tell selinux that ssh uses a new port
- command: semanage port -a -t ssh_port_t -p tcp 2222
- ignore_errors: yes
-
- # The CentOS Wiki says this should be run but I couldn't find
- # a firewall-cmd in the remote CentOS 7 box
- #- name: configure firewall to add new port
- # command: firewall-cmd --add-port 2222/tcp --permanent
-
- # Example action to start service httpd, if not running
- - name: restart ssh
- service: name=ssh state=restarted
- when: ansible_pkg_mgr == "apt"
-
- - name: restart sshd
- service: name=sshd state=restarted
- when: ansible_pkg_mgr == "yum"
+++ /dev/null
----
-
-- hosts: jenkins
- user: admin
- sudo: true
- roles:
- - ansible-jenkins
- vars:
- - nginx_processor_count: 20
- - nginx_connections: 2048
- - ansible_ssh_port: 2222
- - plugins:
- - 'github'
- - 'translation'
- - 'preSCMbuildstep'
- - 'copyartifact'
- - 'ssh-slaves'
- - 'scm-api'
- - 'multiple-scms'
- - 'rebuild'
- - 'publish-over-ssh'
- - 'nested-view'
- - 'jenkins-multijob-plugin'
- - 'dynamic-axis'
- - 'ghprb'
- - 'github'
- - 'github-api'
- - 'git'
- - 'git-client'
- - 'envinject'
- - 'credentials'
- - 'copyartifact'
- - 'github-oauth'
- - 'mask-passwords'
- - 'description-setter'
- - 'postbuildscript'
- - 'jobConfigHistory'
-
- - port: 8080
- - prefix: '/build'
- - xmx: 8192
- # Email support
- #- email:
- # smtp_host: 'mail.example.com'
- # smtp_ssl: 'true'
- # default_email_suffix: '@example.com'
+++ /dev/null
----
-
-- hosts: localhost
- vars:
- # should be passed in the CLI like `--extra-vars "version=1.23.45 branch=master"`
- version: 0-dev # e.g. 0.78
- branch: master # any existing branch on Github
- release: stable # stable, development, or rc are valid options
- tag_name: "v{{ version}}"
- project: "ceph"
- clean: true # if re-doing a deployment this deletes the remote branch in Jenkin's git repo
- force_dch: false # if coming from a rc and wanting to release a stable you need to force dch
- debemail: adeza@redhat.com
- debfullname: "Alfredo Deza"
- roles:
- - { role: ceph-release, when: "project == 'ceph'" }
- - { role: ceph-deploy-release, when: "project == 'ceph-deploy'" }
+++ /dev/null
-# This playbook requires that you install the roles defined
-# in ./requirements/sensu-requirements.yml. Do this by running:
-#
-# ansible-galaxy install -r requirements/sensu-requirements.yml
-#
-- hosts: sensu-server
- sudo: true
- vars_files:
- - vars/sensu-vars.yml
- roles:
- - role: Mayeu.RabbitMQ
- rabbitmq_vhost_definitions:
- - name: "/sensu"
- rabbitmq_users_definitions:
- - vhost: "/sensu"
- user: sensu
- password: secret
- configure_priv: ".*"
- read_priv: ".*"
- write_priv: ".*"
- rabbitmq_ssl: false
- - redis
- - role: Mayeu.sensu
- sensu_server_rabbitmq_port: 5672
- sensu_server_api_password: secret
- sensu_server_rabbitmq_password: secret
- sensu_server_dashboard_password: secret
- sensu_client_subscription_names:
- - common
- - rabbitmq
- # these are custom settings for this client
- sensu_settings:
- # used in the rabbitmq-alive check
- rabbitmq:
- user: sensu
- password: secret
- # we need to escape the / in /sensu
- vhost: "%2Fsensu"
-
-- hosts: sensu-clients
- sudo: true
- vars_files:
- - vars/sensu-vars.yml
- roles:
- - role: Mayeu.sensu
- sensu_server_rabbitmq_hostname: "{{ rabbitmq_client_address|mandatory }}"
- sensu_server_rabbitmq_port: 5672
- sensu_server_rabbitmq_password: secret
- sensu_install_server: false
- sensu_install_uchiwa: false
- # sensu_client_subscription_names need to be defined in a hosts_var file
- # relative to your inventory
+++ /dev/null
----
-
-- hosts: all
- sudo: true
- user: ubuntu
- vars:
- - jenkins_user: 'jenkins-build'
- # jenkins API credentials:
- - api_user: 'ceph-jenkins'
- - token: '{{ token }}'
- - api_uri: 'https://jenkins.ceph.com'
- - nodename: '{{ nodename }}'
- - labels: '{{ labels }}'
-
- tasks:
- - name: create a {{ jenkins_user }} user
- user: name={{ jenkins_user }} comment="Jenkins Build Slave User"
-
- - name: Create .ssh directory
- file: path=/home/{{ jenkins_user }}/.ssh
- state=directory
-
- - name: set the authorized keys
- authorized_key: user={{ jenkins_user }} key="{{ lookup('file', 'playbook/files/ssh/keys/jenkins_build.pub') }}"
-
- - name: ensure {{ jenkins_user }} can sudo without a prompt
- sudo: yes
- lineinfile:
- dest: /etc/sudoers
- regexp: '^{{ jenkins_user }} ALL'
- line: '{{ jenkins_user }} ALL=(ALL:ALL) NOPASSWD:ALL'
- validate: 'visudo -cf %s'
-
- - name: ensure the build dir exists
- file: path=/home/{{ jenkins_user }}/build state=directory owner={{ jenkins_user }}
-
- - name: ensure the home dir has the right owner permissions
- file: path=/home/{{ jenkins_user }} state=directory owner={{ jenkins_user }} group={{ jenkins_user }} recurse=yes
-
- - name: Install RPM requirements
- sudo: yes
- yum: name={{ item }} state=present
- with_items:
- - createrepo
- - epel-release
- - java-1.7.0-openjdk
- - git
- - python-pip
- - python-virtualenv
- - libtool
- #- rpm-sign
- - autoconf
- - redhat-lsb-core
- - automake
- - binutils
- - bison
- - flex
- - gcc
- - gcc-c++
- - gettext
- - libtool
- - make
- - patch
- - pkgconfig
- - redhat-rpm-config
- - rpm-build
- - rpmdevtools
- - openssl-devel
- - libffi-devel
- when: ansible_pkg_mgr == "yum"
-
- # Run the equivalent of "apt-get update" as a separate step
- - apt: update_cache=yes
- when: ansible_pkg_mgr == "apt"
-
- - name: Install DEB requirements
- sudo: yes
- apt: name={{ item }} state=present
- with_items:
- - git
- - fakeroot
- - fakeroot-ng
- - debhelper
- - reprepro
- - dchroot
- - devscripts
- - pbuilder
- - pkg-config
- - python-dev
- - python-pip
- - python-virtualenv
- - libtool
- - autotools-dev
- - automake
- - debian-archive-keyring
- # jenkins-job-builder job:
- - libyaml-dev
- # ceph-docs job:
- - doxygen
- - ditaa
- - ant
- when: ansible_pkg_mgr == "apt"
-
- - name: Add the Debian Jessie Key
- sudo: yes
- when: ansible_pkg_mgr == "apt"
- apt_key: id=2B90D010 url=https://ftp-master.debian.org/keys/archive-key-8.asc keyring=/etc/apt/trusted.gpg.d/jessie.gpg state=present
-
- - name: Install openjdk-7-jre
- apt: name=openjdk-7-jre state=present
- when:
- ansible_distribution_release in ['precise', 'trusty', 'wheezy', 'jessie']
-
- - name: Install default openjdk for Xenial only
- apt: name={{ item }} state=present
- with_items:
- - default-jdk
- - default-jre
- when:
- ansible_distribution_release == 'xenial'
-
- - name: correct java version selected
- alternatives: name=java path=/usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
- when:
- (ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'precise') or
- (ansible_distribution == 'Debian' and ansible_distribution_release == 'wheezy')
-
- - name: ensure the rpmmacros file exists to fix centos builds
- file: path="/home/{{ jenkins_user }}/.rpmmacros" owner="{{ jenkins_user }}" state=touch
-
- - name: write the rpmmacros needed in centos
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.rpmmacros"
- regexp: '^%dist'
- line: '%dist .el{{ ansible_distribution_major_version }}'
- when: ansible_pkg_mgr == "yum"
-
- - name: ensure that the current host is in /etc/hosts. Yes this is a thing.
- sudo: true
- replace:
- backup: yes
- dest: /etc/hosts
- regexp: '^(127\.0\.1\.1(?!.*\b{{ ansible_hostname }}\b).*)$'
- replace: '\1 {{ ansible_hostname }}'
-
- - name: install six, latest one
- sudo: true
- pip: name=six state=latest
-
- - name: install python-jenkins
- sudo: true
- # https://bugs.launchpad.net/python-jenkins/+bug/1500898
- pip: name=python-jenkins version=0.4.7
-
- - name: add github.com host key
- sudo: true
- known_hosts:
- path: '/etc/ssh/ssh_known_hosts'
- # we need to use 'host' here because prado currently uses ansible-playbook==1.9.1
- host: 'github.com'
- # github.com.pub is the output of `ssh-keyscan github.com`
- key: "{{ lookup('file', 'playbook/files/ssh/hostkeys/github.com.pub') }}"
-
- - name: register the new slave to jenkins master
- jenkins-node:
- username: "{{ api_user }}"
- uri: "{{ api_uri }}"
- password: "{{ token }}"
- # relies on a convention to set a unique name that allows a reverse
- # mapping from Jenkins back to whatever service created the current
- # node
- name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
- labels: "{{ labels }}"
- host: "{{ ansible_default_ipv4.address }}"
- credentialsId: '39fa150b-b2a1-416e-b334-29a9a2c0b32d'
- remoteFS: '/home/{{ jenkins_user }}/build'
- # XXX this should be configurable, not all nodes should have one executor
- executors: 1
- exclusive: true