--- /dev/null
+---
+## Instead of trying to keep 4 separate playbooks up to date, let's do it all here.
+## The only difference from using multiple playbooks is we need to specify `-e libvirt=true` and/or `-e permanent=true` if the builder will be permanent/static.
+## Tested on: CentOS 7, CentOS 8, Xenial, Bionic, Focal, Leap 15.1 using ansible 2.8.5
+##
+## Example:
+## ansible-playbook -vvv -M ./library/ builder.yml -e '{"labels": "x86_64 xenial etc", "token": "XXXXX", "jenkins_credentials_uuid": "jenkins-build", "api_uri": "https://jenkins.ceph.com"}' -e permanent=true -e ansible_ssh_user=ubuntu --limit braggi01*
+
+- hosts: all
+ become: true
+ user: ubuntu # This should be overridden on the CLI (e.g., -e user=centos). It doesn't matter on a mita/prado builder because the playbook is run locally by root.
+ vars:
+ - libvirt: false # Should vagrant be installed?
+ - permanent: false # Is this a permanent builder? Since the ephemeral (non-permanent) tasks get run more often, we'll default to false.
+ - jenkins_user: 'jenkins-build'
+ #- jenkins_key: This gets defined below now.
+ # jenkins API credentials:
+ - api_user: 'ceph-jenkins'
+ - token: '{{ token }}'
+ - api_uri: 'https://jenkins.ceph.com'
+ - jenkins_credentials_uuid: 'jenkins-build'
+ - nodename: '{{ nodename }}'
+ - labels: '{{ labels }}'
+ - grant_sudo: true
+ - osc_user: 'username'
+ - osc_pass: 'password'
+ - container_mirror: 'docker-mirror.front.sepia.ceph.com:5000'
+
+ tasks:
+ ## DEFINE PACKAGE LISTS BELOW
+ # Universal DEBs
+ - set_fact:
+ universal_debs:
+ - git
+ - fakeroot
+ - debhelper
+ - reprepro
+ - devscripts
+ - pbuilder
+ - pkg-config
+ - libtool
+ - autotools-dev
+ - automake
+ - libssl-dev
+ - libffi-dev
+ - default-jdk
+ - default-jre
+ - debian-keyring
+ - debian-archive-keyring
+ - software-properties-common
+ # jenkins-job-builder job:
+ - libyaml-dev
+ - jq
+ # ceph-docs job:
+ - doxygen
+ - ditaa
+ - ant
+ - tmpreaper
+ tmp_cleaner_name: tmpreaper
+ tmp_cleaner_args: "--runtime=0 14d /tmp/"
+ when: ansible_os_family == "Debian"
+ tags: always
+
+ # Libvirt DEBs (Bionic and older)
+ - set_fact:
+ libvirt_debs:
+ - qemu-kvm
+ - libvirt-bin
+ - libvirt-dev
+ - vagrant
+ when:
+ - ansible_os_family == "Debian"
+ - ansible_distribution_major_version|int <= 18
+ - libvirt|bool
+ tags: always
+
+ # Libvirt DEBs (Focal and newer)
+ - set_fact:
+ libvirt_debs:
+ - qemu-kvm
+ - libvirt-daemon-system
+ - libvirt-clients
+ - libvirt-dev
+ - vagrant
+ when:
+ - ansible_os_family == "Debian"
+ - ansible_distribution_major_version|int >= 20
+ - libvirt|bool
+ tags: always
+
+ # python2 DEBs
+ - set_fact:
+ python2_debs:
+ - python
+ - python-dev
+ - python-pip
+ - python-virtualenv
+ when:
+ - ansible_os_family == "Debian"
+ - ansible_distribution_major_version|int <= 18
+ tags: always
+
+ # python3 DEBs (We only install python2 *and* python3 on Bionic)
+ - set_fact:
+ python3_debs:
+ - python3
+ - python3-dev
+ - python3-pip
+ - python3-venv
+ - python3-virtualenv
+ when:
+ - ansible_os_family == "Debian"
+ - ansible_distribution_major_version|int >= 18
+ tags: always
+
+ # chroot DEBs (Xenial and older)
+ - set_fact:
+ chroot_deb: dchroot
+ when:
+ - ansible_os_family == "Debian"
+ - ansible_distribution_major_version|int <= 16
+ tags: always
+
+ # chroot DEBs (Bionic and newer)
+ - set_fact:
+ chroot_deb: schroot
+ when:
+ - ansible_os_family == "Debian"
+ - ansible_distribution_major_version|int >= 18
+ tags: always
+
+ # Universal RPMs
+ - set_fact:
+ universal_rpms:
+ - createrepo
+ - java-1.8.0-openjdk
+ - git
+ - libtool
+ #- rpm-sign
+ - autoconf
+ - automake
+ - cmake
+ - binutils
+ - bison
+ - flex
+ - gcc
+ - gcc-c++
+ - gettext
+ - libtool
+ - make
+ - patch
+ - pkgconfig
+ - redhat-rpm-config
+ - rpm-build
+ - rpmdevtools
+ - openssl-devel
+ - libffi-devel
+ - tmpwatch
+ tmp_cleaner_name: tmpwatch
+ tmp_cleaner_args: "14d /tmp/"
+ when: ansible_os_family == "RedHat"
+ tags: always
+
+ # Libvirt RPMs
+ - set_fact:
+ libvirt_rpms:
+ - qemu-kvm
+ - libvirt-devel
+ - libguestfs
+ - libvirt
+ - libguestfs-tools
+ - vagrant
+ when:
+ - ansible_os_family == "RedHat"
+ - libvirt|bool
+ tags: always
+
+ # EL7 RPMs
+ - set_fact:
+ epel_rpms:
+ - jq
+ - python-pip
+ - python-devel
+ - python-virtualenv
+ - mock
+ - docker
+ container_service_name: docker
+ container_certs_path: "/etc/docker/certs.d/{{ container_mirror }}"
+ when:
+ - ansible_os_family == "RedHat"
+ - ansible_distribution_major_version|int <= 7
+ tags: always
+
+ # EL8 RPMs
+ - set_fact:
+ epel_rpms:
+ - jq
+ - python3-pip
+ - python3-devel
+ - python3-virtualenv
+ - mock
+ - podman
+ container_service_name: podman
+ container_certs_path: "/etc/containers/certs.d/{{ container_mirror }}"
+ hackery_packages:
+ - gcc
+ - libguestfs-tools-c
+ - libvirt
+ - libvirt-devel
+ - libxml2-devel
+ - libxslt-devel
+ - make
+ - ruby-devel
+ when:
+ - ansible_os_family == "RedHat"
+ - ansible_distribution_major_version|int == 8
+ tags: always
+
+ # EL9 RPMs
+ - set_fact:
+ epel_rpms:
+ - jq
+ - python3-pip
+ - python3-devel
+ - podman
+ container_service_name: podman
+ container_certs_path: "/etc/containers/certs.d/{{ container_mirror }}"
+ hackery_packages:
+ - gcc
+ - libguestfs-tools-c
+ - libvirt
+ - libvirt-devel
+ - libxml2-devel
+ - libxslt-devel
+ - make
+ - ruby-devel
+ when:
+ - ansible_os_family == "RedHat"
+ - ansible_distribution_major_version|int == 9
+ tags: always
+
+ # This package removed in EL9
+ # This has to be a "list" otherwise it gets rendered as an empty string and the yum ansible module doesn't like that.
+ - set_fact:
+ lsb_package:
+ - redhat-lsb-core
+ when:
+ - ansible_os_family == "RedHat"
+ - ansible_distribution_major_version|int <= 8
+ tags: always
+
+ # OpenSUSE RPMs
+ - set_fact:
+ zypper_rpms:
+ - autoconf
+ - automake
+ - binutils
+ - bison
+ - cmake
+ - ccache
+ - createrepo
+ - flex
+ - gcc
+ - gcc-c++
+ - gettext-runtime
+ - git
+ - java-1_8_0-openjdk
+ - jq
+ - libffi-devel
+ - libopenssl-devel
+ - libtool
+ - lsb-release
+ - make
+ - patch
+ - pkg-config
+ - python2-pip
+ - python2-virtualenv
+ - python3-pip
+ - python3-virtualenv
+ - rpm-build
+ - rpmdevtools
+ - tig
+ - wget
+ # obs requirements
+ - osc
+ - build
+ tmp_cleaner_name: tmpwatch
+ tmp_cleaner_args: "14d /tmp/"
+ when: ansible_os_family == "Suse"
+ tags: always
+
+ # OpenSUSE Libvirt RPMs (We've never tried this to date so more might be needed)
+ - set_fact:
+ zypper_libvirt_rpms:
+ - libvirt
+ - libvirt-devel
+ - qemu
+ - kvm
+ - vagrant
+ - ruby-devel
+ when:
+ - ansible_os_family == "Suse"
+ - libvirt|bool
+ tags: always
+
+ ## Let's make sure we don't accidentally set up a permanent builder from Sepia as ephemeral
+ - set_fact:
+ permanent: true
+ with_items: "{{ ansible_all_ipv4_addresses }}"
+ when: "item.startswith('172.21.')"
+ tags: always
+
+ ## Let's make sure nodename gets set using our Sepia hostnames if the builder's in Sepia
+ - set_fact:
+ nodename: "{{ ansible_hostname }}"
+ with_items: "{{ ansible_all_ipv4_addresses }}"
+ when: "item.startswith('172.21.')"
+ tags: always
+
+ ## EPHEMERAL SLAVE TASKS
+ # We would occasionally have issues with name resolution on the Ephemeral builder
+ # so we force them to use Google's DNS servers. This has to be done before
+ # package-related tasks to avoid communication errors with various repos.
+ - name: Ephemeral Slave Tasks
+ block:
+ - name: Uninstall resolvconf on Ubuntu to manually manage resolv.conf
+ apt:
+ name: resolvconf
+ state: absent
+ when: ansible_os_family == "Debian"
+
+ - name: Check for NetworkManager conf
+ stat:
+ path: /etc/NetworkManager/NetworkManager.conf
+ register: nm_conf
+
+ - name: Tell NetworkManager to leave resolv.conf alone on CentOS
+ lineinfile:
+ dest: /etc/NetworkManager/NetworkManager.conf
+ regexp: '^dns='
+ line: 'dns=none'
+ state: present
+ when: ansible_os_family == "RedHat" and nm_conf.stat.exists
+
+ - name: Tell dhclient to leave resolv.conf alone on Ubuntu
+ lineinfile:
+ dest: /etc/dhcp/dhclient.conf
+ regexp: 'prepend domain-name-servers'
+ line: 'supersede domain-name-servers 8.8.8.8;'
+ state: present
+ when: ansible_os_family == "Debian"
+
+ - name: Use Google DNS for name resolution
+ lineinfile:
+ dest: /etc/resolv.conf
+ regexp: '^nameserver'
+ line: 'nameserver 8.8.8.8'
+ state: present
+
+ - name: Set Hostname with hostname command
+ hostname:
+ name: "ceph-builders"
+ when: ansible_os_family != "Suse"
+
+ # https://github.com/ansible/ansible/issues/42726
+ - name: Set Hostname on OpenSUSE Leap
+ command: 'hostname ceph-builders'
+ when: ansible_os_family == "Suse"
+
+ - name: Ensure that 127.0.1.1 is present with an actual hostname
+ lineinfile:
+ backup: yes
+ dest: /etc/hosts
+ line: '127.0.1.1 ceph-builders'
+
+ - name: Update etc cloud templates for debian /etc/hosts
+ lineinfile:
+ backup: yes
+ dest: /etc/cloud/templates/hosts.debian.tmpl
+ line: '127.0.1.1 ceph-builders'
+ when: ansible_os_family == "Debian"
+
+ - name: Update /etc/cloud templates for Red Hat /etc/hosts
+ lineinfile:
+ backup: yes
+ dest: /etc/cloud/templates/hosts.redhat.tmpl
+ line: '127.0.1.1 ceph-builders'
+ failed_when: false
+ when: ansible_os_family == "RedHat"
+
+ - name: Update /etc/cloud templates for Suse /etc/hosts
+ lineinfile:
+ backup: yes
+ dest: /etc/cloud/templates/hosts.suse.tmpl
+ line: '127.0.1.1 ceph-builders'
+ failed_when: false
+ when: ansible_os_family == "Suse"
+
+ - name: Stop and disable daily apt activities
+ command: "{{ item }}"
+ with_items:
+ - systemctl stop apt-daily.timer
+ - systemctl disable apt-daily.timer
+ - systemctl disable apt-daily.service
+ - systemctl daemon-reload
+ when: ansible_os_family == "Debian"
+ # Just in case. This isn't a super important task and might not even be required.
+ ignore_errors: true
+ when: not permanent|bool
+
+ ## VAGRANT REPO TASKS (for libvirt builders)
+ # vagrant doesn't have repositories, this chacra repo will be better to have
+ # around and can get updates as soon as a new vagrant version is published via
+ # chacractl
+ - name: Vagrant/Libvirt Repo Tasks
+ block:
+ - name: Add our vagrant DEB repository
+ apt_repository:
+ repo: "deb [trusted=yes] https://chacra.ceph.com/r/vagrant/latest/HEAD/ubuntu/{{ ansible_distribution_release }}/flavors/default/ {{ ansible_distribution_release }} main"
+ state: present
+ when: ansible_os_family == "Debian"
+
+ - name: Add our vagrant RPM repository
+ yum_repository:
+ name: vagrant
+ description: self-hosted vagrant repo
+ # Although this is a 'CentOS7' repo, the vagrant RPM is OS-version agnostic
+ baseurl: "https://chacra.ceph.com/r/vagrant/latest/HEAD/centos/7/flavors/default/x86_64/"
+ enabled: yes
+ gpgcheck: no
+ when: ansible_os_family == "RedHat"
+ when: libvirt|bool
+
+ ## PACKAGE INSTALLATION TASKS
+ # We do this in one big task to save time and avoid using `with` loops. If a variable isn't defined, it's fine because of the |defaults.
+ - name: Install DEBs
+ apt:
+ name: "{{ universal_debs + libvirt_debs|default([]) + python2_debs|default([]) + python3_debs|default([]) + [ chroot_deb|default('') ] }}"
+ state: latest
+ update_cache: yes
+ when: ansible_os_family == "Debian"
+
+ # Sometimes, builders would connect to Jenkins and try to run an apt transaction right away. Except apt-daily/unattended-upgrades has the dpkg lock so the Jenkins job would fail.
+ - name: Uninstall unattended-upgrades
+ package:
+ name: unattended-upgrades
+ state: absent
+ when: ansible_os_family == "Debian"
+
+ - name: Install EPEL repo
+ yum:
+ name: epel-release
+ state: latest
+ when:
+ - ansible_os_family == "RedHat"
+ - ansible_distribution_major_version|int <= 8
+
+ - name: Install RPMs without EPEL
+ yum:
+ name: "{{ universal_rpms + libvirt_rpms|default([]) + lsb_package|default([]) }}"
+ state: present
+ disablerepo: epel
+ when: ansible_os_family == "RedHat"
+
+ - name: Install RPMs with EPEL
+ yum:
+ name: "{{ epel_rpms|default([]) }}"
+ state: latest
+ enablerepo: epel
+ when: ansible_os_family == "RedHat"
+
+ - name: Install Suse RPMs
+ zypper:
+ name: "{{ zypper_rpms + zypper_libvirt_rpms|default([]) }}"
+ state: latest
+ update_cache: yes
+ when: ansible_os_family == "Suse"
+
+ ## JENKINS USER TASKS
+ - set_fact:
+ jenkins_groups:
+ - "{{ jenkins_user }}"
+ - libvirtd
+ when:
+ - ansible_os_family == "Debian"
+ - ansible_distribution_version == '16.04'
+ - libvirt|bool
+
+ # The group name changed to 'libvirt' in Ubuntu 16.10 and is already 'libvirt' everywhere else
+ - set_fact:
+ jenkins_groups:
+ - "{{ jenkins_user }}"
+ - libvirt
+ when:
+ - not (ansible_os_family == "Debian" and ansible_distribution_version == '16.04')
+ - libvirt|bool
+
+ - name: "Create a {{ jenkins_user }} group"
+ group:
+ name: "{{ jenkins_user }}"
+ state: present
+
+ - name: "Create a {{ jenkins_user }} user"
+ user:
+ name: "{{ jenkins_user }}"
+ # This will add to the jenkins_user and appropriate libvirt group if jenkins_groups is defined.
+ # Otherwise, default to just adding to {{ jenkins_user }} group.
+ groups: "{{ jenkins_groups|default(jenkins_user) }}"
+ state: present
+ comment: "Jenkins Build Slave User"
+
+ - name: "Add {{ jenkins_user }} to mock group"
+ user:
+ name: "{{ jenkins_user }}"
+ groups: mock
+ append: yes
+ when:
+ - ansible_os_family == "RedHat"
+ - ansible_distribution_major_version|int <= 8
+
+ - name: "Create a {{ jenkins_user }} home directory"
+ file:
+ path: "/home/{{ jenkins_user }}/"
+ state: directory
+ owner: "{{ jenkins_user }}"
+
+ - name: Create .ssh directory
+ file:
+ path: "/home/{{ jenkins_user }}/.ssh"
+ state: directory
+ owner: "{{ jenkins_user }}"
+
+ # On a mita/prado provisioned builder, everything gets put into a 'playbook' dir.
+ # Otherwise it can be found in files/ssh/...
+ - set_fact:
+ jenkins_key: "{{ lookup('first_found', key_locations) }}"
+ vars:
+ key_locations:
+ - "playbook/files/ssh/keys/jenkins_build.pub"
+ - "files/ssh/keys/jenkins_build.pub"
+
+ # And worst case scenario, we just pull the key from github.
+ - name: Set the authorized keys
+ authorized_key:
+ user: "{{ jenkins_user }}"
+ key: "{{ lookup('file', '{{ jenkins_key }}')|default('https://raw.githubusercontent.com/ceph/ceph-build/main/ansible/files/ssh/keys/jenkins_build.pub') }}"
+
+ - name: "Ensure {{ jenkins_user }} can sudo without a prompt"
+ lineinfile:
+ dest: /etc/sudoers
+ regexp: '^{{ jenkins_user }} ALL'
+ line: '{{ jenkins_user }} ALL=(ALL:ALL) NOPASSWD:ALL'
+ validate: 'visudo -cf %s'
+ when: grant_sudo|bool
+
+ - name: Set utf-8 for LC_ALL
+ lineinfile:
+ dest: "/home/{{ jenkins_user }}/.bashrc"
+ regexp: '^export LC_ALL='
+ line: "export LC_ALL=en_US.UTF-8"
+ create: true
+ state: present
+
+ - name: Set utf-8 for LANG
+ lineinfile:
+ dest: "/home/{{ jenkins_user }}/.bashrc"
+ regexp: '^export LANG='
+ line: "export LANG=en_US.UTF-8"
+
+ - name: Set utf-8 for LANGUAGE
+ lineinfile:
+ dest: "/home/{{ jenkins_user }}/.bashrc"
+ regexp: '^export LANGUAGE='
+ line: "export LANGUAGE=en_US.UTF-8"
+
+ - name: Ensure the build dir exists
+ file:
+ path: "/home/{{ jenkins_user }}/build"
+ state: directory
+ owner: "{{ jenkins_user }}"
+
+ - name: Create .config/osc directory
+ file:
+ path: "/home/{{ jenkins_user }}/.config/osc"
+ state: directory
+ owner: "{{ jenkins_user }}"
+ when: ansible_os_family == "Suse"
+
+ - name: Add oscrc file
+ blockinfile:
+ create: yes
+ block: |
+ [general]
+ apiurl = https://api.opensuse.org
+ build-root = /home/{{ jenkins_user }}/osc/%(repo)s-%(arch)s
+ [https://api.opensuse.org]
+ user = {{ osc_user }}
+ pass = {{ osc_pass }}
+ path: "/home/{{ jenkins_user }}/.config/osc/oscrc"
+ become_user: "{{ jenkins_user }}"
+ when: ansible_os_family == "Suse"
+
+ - name: Ensure the home dir has the right owner permissions
+ file:
+ path: "/home/{{ jenkins_user }}"
+ state: directory
+ owner: "{{ jenkins_user }}"
+ group: "{{ jenkins_user }}"
+ recurse: yes
+ follow: no
+
+ ## DEBIAN GPG KEY TASKS
+ - name: Install Debian GPG Keys on Ubuntu
+ block:
+ - name: Add the Debian Buster Key
+ apt_key:
+ id: 3CBBABEE
+ url: https://ftp-master.debian.org/keys/archive-key-10.asc
+ keyring: /etc/apt/trusted.gpg
+ state: present
+
+ - name: Add the Debian Security Buster Key
+ apt_key:
+ id: CAA96DFA
+ url: https://ftp-master.debian.org/keys/archive-key-10-security.asc
+ keyring: /etc/apt/trusted.gpg
+ state: present
+
+ - name: Add the Debian Buster Stable Key
+ apt_key:
+ id: 77E11517
+ url: https://ftp-master.debian.org/keys/release-10.asc
+ keyring: /etc/apt/trusted.gpg
+ state: present
+ when: ansible_os_family == "Debian"
+
+ ## VAGRANT PLUGIN TASKS
+ - name: Install vagrant-libvirt plugin
+ block:
+ - name: Install the vagrant-libvirt plugin (without args)
+ shell: vagrant plugin install vagrant-libvirt --plugin-version 0.3.0
+ become_user: "{{ jenkins_user }}"
+ when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int <= 7) or
+ (ansible_os_family == "Debian" and ansible_distribution_major_version|int <= 18)
+
+ - name: Install packages needed to build krb5 from source (EL8)
+ dnf:
+ name: "{{ hackery_packages }}"
+ state: present
+ when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8
+
+ - name: Build krb5 library from source (EL8)
+ shell: |
+ cd $(mktemp -d)
+ wget https://vault.centos.org/8.4.2105/BaseOS/Source/SPackages/krb5-1.18.2-8.el8.src.rpm
+ rpm2cpio krb5-1.18.2-8.el8.src.rpm | cpio -imdV
+ tar xf krb5-1.18.2.tar.gz; cd krb5-1.18.2/src
+ LDFLAGS='-L/opt/vagrant/embedded/' ./configure
+ make
+ sudo cp lib/libk5crypto.* /opt/vagrant/embedded/lib/
+ wget https://vault.centos.org/8.4.2105/BaseOS/Source/SPackages/libssh-0.9.4-2.el8.src.rpm
+ rpm2cpio libssh-0.9.4-2.el8.src.rpm | cpio -imdV
+ tar xf libssh-0.9.4.tar.xz
+ mkdir build
+ cd build
+ cmake ../libssh-0.9.4 -DOPENSSL_ROOT_DIR=/opt/vagrant/embedded/
+ make
+ cp lib/libssh* /opt/vagrant/embedded/lib64
+ when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8
+
+ # https://github.com/vagrant-libvirt/vagrant-libvirt/issues/1127#issuecomment-713651332
+ - name: Install the vagrant-libvirt plugin (EL8)
+ command: vagrant plugin install vagrant-libvirt --plugin-version 0.3.0
+ become_user: "{{ jenkins_user }}"
+ environment:
+ CONFIGURE_ARGS: 'with-ldflags=-L/opt/vagrant/embedded/lib with-libvirt-include=/usr/include/libvirt with-libvirt-lib=/usr/lib'
+ GEM_HOME: '~/.vagrant.d/gems'
+ GEM_PATH: '$GEM_HOME:/opt/vagrant/embedded/gems'
+ when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8
+
+ - name: Install the vagrant-libvirt plugin (Suse)
+ command: vagrant plugin install vagrant-libvirt
+ become_user: "{{ jenkins_user }}"
+ environment:
+ CONFIGURE_ARGS: 'with-libvirt-include=/usr/include/libvirt with-libvirt-lib=/usr/lib64'
+ when: ansible_os_family == "Suse"
+
+ - name: Install the vagrant-libvirt plugin (Focal)
+ command: vagrant plugin install vagrant-libvirt
+ become_user: "{{ jenkins_user }}"
+ environment:
+ CONFIGURE_ARGS: 'with-libvirt-include=/usr/include/libvirt with-libvirt-lib=/usr/lib'
+ when: ansible_os_family == "Debian" and ansible_distribution_major_version|int >= 20
+ when: libvirt|bool
+
+ ## RPMMACROS TASKS
+ - name: rpmmacros Tasks
+ block:
+ - name: Ensure the rpmmacros file exists to fix centos builds
+ file:
+ path: "/home/{{ jenkins_user }}/.rpmmacros"
+ owner: "{{ jenkins_user }}"
+ state: touch
+
+ - name: Write the rpmmacros needed in centos
+ lineinfile:
+ dest: "/home/{{ jenkins_user }}/.rpmmacros"
+ regexp: '^%dist'
+ line: '%dist .el{{ ansible_distribution_major_version }}'
+ when: ansible_os_family == "RedHat"
+
+ ## tmpwatch/tmpreaper TASKS
+ - name: tmpwatch/tmpreaper Tasks
+ block:
+ # In case we're running 'ansible-playbook --tags tmp'
+ - name: "Make sure {{ tmp_cleaner_name }} is installed"
+ package:
+ name: "{{ tmp_cleaner_name }}"
+ state: present
+
+ - name: Disable tmpreaper cron.daily timer
+ file:
+ path: /etc/cron.daily/tmpreaper
+ state: absent
+ when: ansible_os_family == "Debian"
+
+ - name: Create tmp cleaning cronjob
+ cron:
+ name: "Delete /tmp files that have not been accessed in 14 days"
+ special_time: daily
+ job: "{{ tmp_cleaner_name }} {{ tmp_cleaner_args }}"
+ when: permanent|bool
+ tags: tmp
+
+ ## GITCONFIG TASKS
+ - name: Ensure the gitconfig file exists
+ shell: printf "[user]\name=Ceph CI\nemail=ceph-release-team@redhat.com\n" > /home/{{ jenkins_user }}/.gitconfig
+ tags: github
+
+ - name: Ensure the gitconfig file has right permissions
+ file:
+ path: "/home/{{ jenkins_user }}/.gitconfig"
+ owner: "{{ jenkins_user }}"
+ tags: github
+
+ # On a mita/prado provisioned builder, everything gets put into a 'playbook' dir.
+ # If all else fails, get it from github (using the |default)
+ - set_fact:
+ github_key: "{{ lookup('first_found', key_locations) }}"
+ vars:
+ key_locations:
+ # github.com.pub is the output of `ssh-keyscan github.com`
+ - "playbook/files/ssh/hostkeys/github.com.pub"
+ - "files/ssh/hostkeys/github.com.pub"
+ tags: github
+
+ - name: Add github.com host key
+ known_hosts:
+ name: github.com
+ path: '/etc/ssh/ssh_known_hosts'
+ key: "{{ lookup('file', '{{ github_key }}')|default('https://raw.githubusercontent.com/ceph/ceph-build/main/ansible/files/ssh/hostkeys/github.com.pub') }}"
+ tags: github
+
+ ## PIP TASKS
+ - set_fact:
+ pip_version: pip
+ ansible_python_interpreter: /usr/bin/python
+ when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int <= 7) or
+ (ansible_os_family == "Debian" and ansible_distribution_major_version|int <= 16)
+ tags:
+ - register
+
+ - set_fact:
+ pip_version: pip3
+ ansible_python_interpreter: /usr/bin/python3
+ when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8) or
+ (ansible_os_family == "Debian" and ansible_distribution_major_version|int >= 18) or
+ ansible_os_family == "Suse"
+ tags:
+ - register
+
+ - name: Install six, latest one
+ pip:
+ name: six
+ state: latest
+ executable: "{{ pip_version }}"
+ when: ansible_os_family != "Suse"
+ tags:
+ - register
+
+ - name: Install python-jenkins
+ # https://review.openstack.org/460363
+ pip:
+ name: python-jenkins
+ version: 0.4.15
+ executable: "{{ pip_version }}"
+ tags:
+ - register
+
+ ## LIBVIRT SERVICE TASKS
+ - name: start libvirt services
+ service:
+ name: "{{ item }}"
+ state: restarted
+ with_items:
+ - libvirtd
+ - libvirt-guests
+ when: libvirt|bool
+
+ ## CONTAINER SERVICE TASKS
+ - name: Container Tasks
+ block:
+ - name: "Create {{ container_certs_path }}"
+ file:
+ path: "{{ container_certs_path }}"
+ state: directory
+
+ - name: "Copy {{ container_mirror }} self-signed cert"
+ copy:
+ dest: "{{ container_certs_path }}/docker-mirror.crt"
+ content: |
+ -----BEGIN CERTIFICATE-----
+ MIIGRTCCBC2gAwIBAgIUPCTsbv8FMCQdzmusdvXTdO8UaKMwDQYJKoZIhvcNAQEL
+ BQAwgbExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEUMBIGA1UEBwwLTW9ycmlz
+ dmlsbGUxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xDTALBgNVBAsMBENlcGgxKzAp
+ BgNVBAMMImRvY2tlci1taXJyb3IuZnJvbnQuc2VwaWEuY2VwaC5jb20xKzApBgkq
+ hkiG9w0BCQEWHGNlcGgtaW5mcmEtYWRtaW5zQHJlZGhhdC5jb20wHhcNMjAxMTEy
+ MDAwMjM1WhcNMjAxMjEyMDAwMjM1WjCBsTELMAkGA1UEBhMCVVMxCzAJBgNVBAgM
+ Ak5DMRQwEgYDVQQHDAtNb3JyaXN2aWxsZTEWMBQGA1UECgwNUmVkIEhhdCwgSW5j
+ LjENMAsGA1UECwwEQ2VwaDErMCkGA1UEAwwiZG9ja2VyLW1pcnJvci5mcm9udC5z
+ ZXBpYS5jZXBoLmNvbTErMCkGCSqGSIb3DQEJARYcY2VwaC1pbmZyYS1hZG1pbnNA
+ cmVkaGF0LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALUfPWaA
+ Gyuu+McgrPmPBafco3NjOQ2Na8rfLA5X0pz1tTfWgmtwuzhgKR674Nh6yz1WKXmS
+ ic5416dSx6r8NnBXkPSVLP3HlejPki1ohrqm9M1rXdPqvdmzV5TcRvmmLljo1IjI
+ Glwhv+XjJlKPLOUmi4Yk8cmgwVThc9OGC67sve2oDY0+JufFdiMPB5OLi13t9vPz
+ lixFzHXsss4KgD95Ou2PVLQpPCJ4Bxyar5BR0sb4+b2J0b3V3sxg/bvuOdlUuxAy
+ yCogtCTVXCBsERJ3wVI28MsibfBy+tLbNMbIJTZC+LblFOKfxbNiLGNv6z2NQ12h
+ S9C3YCxmgs8b3h9dkQtTj0/7/kpOppLPTvU9v/MOt177biTlbw8QQAjYyZYdXkZT
+ 6LwdQmQQGCIQUUaMoeZgIplxEu7My1Gk3M2dfy/c36+r/olfbuTxPav2y9/wwjV2
+ 2TrmbSTrAxZwFVvlb9wJCpW6jKh+Cl55XS4wFmEdgf5OJC8W2Rsa69pUmFnro+2z
+ d6zXlDXj5lxdqwSu6FF/PkImToUJ2J9hvotejIdRIJ/TfowwVygqC9k3wgRDYRut
+ q/tmorElTMDmwt1sATuvK81WkTZ28d3hcg5Xu9o1qwCQnKRHUeOOyP4M6c0lSvLb
+ lkZsptmUHyslGBlc9MOd6kH4REZH9x2pga2nAgMBAAGjUzBRMB0GA1UdDgQWBBSk
+ 4Vk1KYHJ4VmDAorKCtSx5RVD7TAfBgNVHSMEGDAWgBSk4Vk1KYHJ4VmDAorKCtSx
+ 5RVD7TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBYaG8PFoE5
+ PSdIwjT2NRV0ARC+xkM/P8Vo4H2tYewSz/wGwdfjpz7NJD/os6Tiff6BWBaD75t0
+ 2X2MLXeGT2vOJ05hoETCJ1PqHSSlBXkH8De925lGfz4lTeS0gz6qZuEWxeN0Utib
+ 5Q3hq7OByS6I8L5kE6L9acFzKqbIOtJOWXXx9J4B7GEUoE+Jk5Vm6yfH4AeGhEbT
+ bQ8J5FbP+zk6iPkXGQdb/3aUBbOCn5OCSmERcTPyK9XzuyBz6wkFjZ9PAvbFLvOI
+ bD1KGIte1Np4jrM4ur924vjZTxm+wVKFDNS64J8t48yN2LUS2pV2zfwC6ACHypf4
+ WhsGpd1hNy+ZGt0dIrgRgKkttNx5VoVaLgzn3ozFz5BXbdHRCXV2BmY36QDzGQqw
+ 2BdKeJ/7INdB9NkGSkJYTvkNAS9YixqATxNsaOMt35HRADUlPQoUqzxIEujJzYdz
+ LVpzeTMNDxASqDG1MRIjNDp6l2xgC+H5wVpm5wn4eGvf4A7GXr35Q1TNRzmHayiP
+ FBp0Epiy+oFS1Xd/WQvMHCQMT4HoKSGf5u0++DpU1E5vN29vrxIOZ4+a9a5kZA95
+ QnsemvTiYf3C1xktkYR9AmUqYqCDTp/5nfqbQibRO0Chpy5UnhAXujkL0ABeaSaz
+ MViiJ2AX7vk2E++MXkBhi4IMyz0Vw2lPhg==
+ -----END CERTIFICATE-----
+ when: ansible_os_family == "RedHat"
+
+ ## JENKINS BUILDER AGENT TASKS
+ # We use SSH for ephemeral builders
+ - name: Register ephemeral builder using SSH
+ jenkins_node:
+ username: "{{ api_user }}"
+ uri: "{{ api_uri }}"
+ password: "{{ token }}"
+ # relies on a convention to set a unique name that allows a reverse
+ # mapping from Jenkins back to whatever service created the current
+ # node
+ name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
+ labels: "{{ labels }}"
+ host: "{{ ansible_default_ipv4.address }}"
+ credentialsId: "{{ jenkins_credentials_uuid }}"
+ remoteFS: '/home/{{ jenkins_user }}/build'
+ executors: '{{ executors|default(1) }}'
+ exclusive: true
+ when: not permanent|bool
+ tags: register
+
+ - name: Register Permanent Builder
+ block:
+ - name: Register permenant builder using JNLP
+ jenkins_node:
+ username: "{{ api_user }}"
+ uri: "{{ api_uri }}"
+ password: "{{ token }}"
+ # relies on a convention to set a unique name that allows a reverse
+ # mapping from Jenkins back to whatever service created the current
+ # node
+ name: "{{ ansible_default_ipv4.address }}+{{ ansible_hostname }}"
+ labels: "{{ labels }}"
+ host: "{{ ansible_default_ipv4.address }}"
+ credentialsId: "{{ jenkins_credentials_uuid }}"
+ launcher: 'hudson.slaves.JNLPLauncher'
+ remoteFS: '/home/{{ jenkins_user }}/build'
+ executors: '{{ executors|default(1) }}'
+ exclusive: true
+
+ - name: Download agent.jar
+ get_url:
+ url: "{{ api_uri }}/jnlpJars/agent.jar"
+ dest: "/home/{{ jenkins_user }}/agent.jar"
+ force: yes
+ register: jar_changed
+
+ - name: Install the systemd unit files for jenkins
+ template:
+ src: "templates/systemd/jenkins.{{ item }}.j2"
+ dest: "/etc/systemd/system/jenkins.{{ item }}"
+ with_items:
+ - service
+ - secret
+ register: unit_files_changed
+
+ - name: Reload systemd unit files (to pick up potential changes)
+ systemd:
+ daemon_reload: yes
+
+ - name: Start jenkins service
+ service:
+ name: jenkins
+ state: started
+ enabled: yes
+
+ - name: REstart jenkins service (if necessary)
+ service:
+ name: jenkins
+ state: restarted
+ enabled: yes
+ when: jar_changed is changed or unit_files_changed is changed
+ when: permanent|bool
+ tags: register
--- /dev/null
+---
+
+- hosts: jenkins_controller
+ user: cm
+ become: true
+ roles:
+ - ansible-jenkins
+ vars:
+ - nginx_processor_count: 20
+ - nginx_connections: 2048
+ - ansible_ssh_port: 2222
+ - plugins:
+ - 'ace-editor'
+ - 'additional-metrics'
+ - 'ant'
+ - 'antisamy-markup-formatter'
+ - 'apache-httpcomponents-client-4-api'
+ - 'applitools-eyes'
+ - 'authentication-tokens'
+ - 'bouncycastle-api'
+ - 'branch-api'
+ - 'build-failure-analyzer'
+ - 'build-history-metrics-plugin'
+ - 'build-monitor-plugin'
+ - 'build-user-vars-plugin'
+ - 'built-on-column'
+ - 'cloudbees-folder'
+ - 'cobertura'
+ - 'code-coverage-api'
+ - 'command-launcher'
+ - 'compress-artifacts'
+ - 'conditional-buildstep'
+ - 'configuration-as-code'
+ - 'copyartifact'
+ - 'credentials'
+ - 'credentials-binding'
+ - 'cvs'
+ - 'dashboard-view'
+ - 'description-setter'
+ - 'display-url-api'
+ - 'docker-commons'
+ - 'docker-workflow'
+ - 'durable-task'
+ - 'dynamic-axis'
+ - 'envinject'
+ - 'envinject-api'
+ - 'external-monitor-job'
+ - 'ghprb'
+ - 'git'
+ - 'git-client'
+ - 'github'
+ - 'github-api'
+ - 'github-branch-source'
+ - 'github-oauth'
+ - 'github-organization-folder'
+ - 'git-server'
+ - 'global-build-stats'
+ - 'handlebars'
+ - 'htmlpublisher'
+ - 'icon-shim'
+ - 'jackson2-api'
+ - 'javadoc'
+ - 'jdk-tool'
+ - 'jenkins-multijob-plugin'
+ - 'jquery-detached'
+ - 'jsch'
+ - 'junit'
+ - 'ldap'
+ - 'lockable-resources'
+ - 'mailer'
+ - 'mapdb-api'
+ - 'mask-passwords'
+ - 'matrix-auth'
+ - 'matrix-project'
+ - 'maven-plugin'
+ - 'momentjs'
+ - 'multiple-scms'
+ - 'naginator'
+ - 'nested-view'
+ - 'pam-auth'
+ - 'parameterized-trigger'
+ - 'pipeline-build-step'
+ - 'pipeline-github-lib'
+ - 'pipeline-graph-analysis'
+ - 'pipeline-input-step'
+ - 'pipeline-milestone-step'
+ - 'pipeline-model-api'
+ - 'pipeline-model-declarative-agent'
+ - 'pipeline-model-definition'
+ - 'pipeline-model-extensions'
+ - 'pipeline-rest-api'
+ - 'pipeline-stage-step'
+ - 'pipeline-stage-tags-metadata'
+ - 'pipeline-stage-view'
+ - 'plain-credentials'
+ - 'postbuildscript'
+ - 'preSCMbuildstep'
+ - 'publish-over'
+ - 'publish-over-ssh'
+ - 'rebuild'
+ - 'resource-disposer'
+ - 'run-condition'
+ - 'scm-api'
+ - 'script-security'
+ - 'short-workspace-path'
+ - 'ssh-agent'
+ - 'ssh-credentials'
+ - 'ssh-slaves'
+ - 'structs'
+ - 'subversion'
+ - 'token-macro'
+ - 'translation'
+ - 'trilead-api'
+ - 'urltrigger'
+ - 'windows-slaves'
+ - 'workflow-aggregator'
+ - 'workflow-api'
+ - 'workflow-basic-steps'
+ - 'workflow-cps'
+ - 'workflow-cps-global-lib'
+ - 'workflow-durable-task-step'
+ - 'workflow-job'
+ - 'workflow-multibranch'
+ - 'workflow-scm-step'
+ - 'workflow-step-api'
+ - 'workflow-support'
+ - 'ws-cleanup'
+
+ - jenkins_port: 8080
+ - prefix: '/build'
+ - xmx: 8192
+ # Email support
+ #- email:
+ # smtp_host: 'mail.example.com'
+ # smtp_ssl: 'true'
+ # default_email_suffix: '@example.com'
+ vars_prompt:
+ - name: "okay_with_restart"
+ prompt: "\nWARNING: Some tasks like updating/installing plugins will restart Jenkins.\nAre you okay with restarting the Jenkins service? (y|n)"
+ default: "n"
+++ /dev/null
----
-
-- hosts: jenkins_master
- user: cm
- become: true
- roles:
- - ansible-jenkins
- vars:
- - nginx_processor_count: 20
- - nginx_connections: 2048
- - ansible_ssh_port: 2222
- - plugins:
- - 'ace-editor'
- - 'additional-metrics'
- - 'ant'
- - 'antisamy-markup-formatter'
- - 'apache-httpcomponents-client-4-api'
- - 'applitools-eyes'
- - 'authentication-tokens'
- - 'bouncycastle-api'
- - 'branch-api'
- - 'build-failure-analyzer'
- - 'build-history-metrics-plugin'
- - 'build-monitor-plugin'
- - 'build-user-vars-plugin'
- - 'built-on-column'
- - 'cloudbees-folder'
- - 'cobertura'
- - 'code-coverage-api'
- - 'command-launcher'
- - 'compress-artifacts'
- - 'conditional-buildstep'
- - 'configuration-as-code'
- - 'copyartifact'
- - 'credentials'
- - 'credentials-binding'
- - 'cvs'
- - 'dashboard-view'
- - 'description-setter'
- - 'display-url-api'
- - 'docker-commons'
- - 'docker-workflow'
- - 'durable-task'
- - 'dynamic-axis'
- - 'envinject'
- - 'envinject-api'
- - 'external-monitor-job'
- - 'ghprb'
- - 'git'
- - 'git-client'
- - 'github'
- - 'github-api'
- - 'github-branch-source'
- - 'github-oauth'
- - 'github-organization-folder'
- - 'git-server'
- - 'global-build-stats'
- - 'handlebars'
- - 'htmlpublisher'
- - 'icon-shim'
- - 'jackson2-api'
- - 'javadoc'
- - 'jdk-tool'
- - 'jenkins-multijob-plugin'
- - 'jquery-detached'
- - 'jsch'
- - 'junit'
- - 'ldap'
- - 'lockable-resources'
- - 'mailer'
- - 'mapdb-api'
- - 'mask-passwords'
- - 'matrix-auth'
- - 'matrix-project'
- - 'maven-plugin'
- - 'momentjs'
- - 'multiple-scms'
- - 'naginator'
- - 'nested-view'
- - 'pam-auth'
- - 'parameterized-trigger'
- - 'pipeline-build-step'
- - 'pipeline-github-lib'
- - 'pipeline-graph-analysis'
- - 'pipeline-input-step'
- - 'pipeline-milestone-step'
- - 'pipeline-model-api'
- - 'pipeline-model-declarative-agent'
- - 'pipeline-model-definition'
- - 'pipeline-model-extensions'
- - 'pipeline-rest-api'
- - 'pipeline-stage-step'
- - 'pipeline-stage-tags-metadata'
- - 'pipeline-stage-view'
- - 'plain-credentials'
- - 'postbuildscript'
- - 'preSCMbuildstep'
- - 'publish-over'
- - 'publish-over-ssh'
- - 'rebuild'
- - 'resource-disposer'
- - 'run-condition'
- - 'scm-api'
- - 'script-security'
- - 'short-workspace-path'
- - 'ssh-agent'
- - 'ssh-credentials'
- - 'ssh-slaves'
- - 'structs'
- - 'subversion'
- - 'token-macro'
- - 'translation'
- - 'trilead-api'
- - 'urltrigger'
- - 'windows-slaves'
- - 'workflow-aggregator'
- - 'workflow-api'
- - 'workflow-basic-steps'
- - 'workflow-cps'
- - 'workflow-cps-global-lib'
- - 'workflow-durable-task-step'
- - 'workflow-job'
- - 'workflow-multibranch'
- - 'workflow-scm-step'
- - 'workflow-step-api'
- - 'workflow-support'
- - 'ws-cleanup'
-
- - jenkins_port: 8080
- - prefix: '/build'
- - xmx: 8192
- # Email support
- #- email:
- # smtp_host: 'mail.example.com'
- # smtp_ssl: 'true'
- # default_email_suffix: '@example.com'
- vars_prompt:
- - name: "okay_with_restart"
- prompt: "\nWARNING: Some tasks like updating/installing plugins will restart Jenkins.\nAre you okay with restarting the Jenkins service? (y|n)"
- default: "n"
+++ /dev/null
----
-## Instead of trying to keep 4 separate playbooks up to date, let's do it all here.
-## The only difference from using multiple playbooks is we need to specify `-e libvirt=true` and/or `-e permanent=true` if the slave will be permanent/static.
-## Tested on: CentOS 7, CentOS 8, Xenial, Bionic, Focal, Leap 15.1 using ansible 2.8.5
-##
-## Example:
-## ansible-playbook -vvv -M ./library/ slave.yml -e '{"labels": "x86_64 xenial etc", "token": "XXXXX", "jenkins_credentials_uuid": "jenkins-build", "api_uri": "https://jenkins.ceph.com"}' -e permanent=true -e ansible_ssh_user=ubuntu --limit braggi01*
-
-- hosts: all
- become: true
- user: ubuntu # This should be overridden on the CLI (e.g., -e user=centos). It doesn't matter on a mita/prado slave because the playbook is run locally by root.
- vars:
- - libvirt: false # Should vagrant be installed?
- - permanent: false # Is this a permanent slave? Since the ephemeral (non-permanent) tasks get run more often, we'll default to false.
- - jenkins_user: 'jenkins-build'
- #- jenkins_key: This gets defined below now.
- # jenkins API credentials:
- - api_user: 'ceph-jenkins'
- - token: '{{ token }}'
- - api_uri: 'https://jenkins.ceph.com'
- - jenkins_credentials_uuid: 'jenkins-build'
- - nodename: '{{ nodename }}'
- - labels: '{{ labels }}'
- - grant_sudo: true
- - osc_user: 'username'
- - osc_pass: 'password'
- - container_mirror: 'docker-mirror.front.sepia.ceph.com:5000'
-
- tasks:
- ## DEFINE PACKAGE LISTS BELOW
- # Universal DEBs
- - set_fact:
- universal_debs:
- - git
- - fakeroot
- - debhelper
- - reprepro
- - devscripts
- - pbuilder
- - pkg-config
- - libtool
- - autotools-dev
- - automake
- - libssl-dev
- - libffi-dev
- - default-jdk
- - default-jre
- - debian-keyring
- - debian-archive-keyring
- - software-properties-common
- # jenkins-job-builder job:
- - libyaml-dev
- - jq
- # ceph-docs job:
- - doxygen
- - ditaa
- - ant
- - tmpreaper
- tmp_cleaner_name: tmpreaper
- tmp_cleaner_args: "--runtime=0 14d /tmp/"
- when: ansible_os_family == "Debian"
- tags: always
-
- # Libvirt DEBs (Bionic and older)
- - set_fact:
- libvirt_debs:
- - qemu-kvm
- - libvirt-bin
- - libvirt-dev
- - vagrant
- when:
- - ansible_os_family == "Debian"
- - ansible_distribution_major_version|int <= 18
- - libvirt|bool
- tags: always
-
- # Libvirt DEBs (Focal and newer)
- - set_fact:
- libvirt_debs:
- - qemu-kvm
- - libvirt-daemon-system
- - libvirt-clients
- - libvirt-dev
- - vagrant
- when:
- - ansible_os_family == "Debian"
- - ansible_distribution_major_version|int >= 20
- - libvirt|bool
- tags: always
-
- # python2 DEBs
- - set_fact:
- python2_debs:
- - python
- - python-dev
- - python-pip
- - python-virtualenv
- when:
- - ansible_os_family == "Debian"
- - ansible_distribution_major_version|int <= 18
- tags: always
-
- # python3 DEBs (We only install python2 *and* python3 on Bionic)
- - set_fact:
- python3_debs:
- - python3
- - python3-dev
- - python3-pip
- - python3-venv
- - python3-virtualenv
- when:
- - ansible_os_family == "Debian"
- - ansible_distribution_major_version|int >= 18
- tags: always
-
- # chroot DEBs (Xenial and older)
- - set_fact:
- chroot_deb: dchroot
- when:
- - ansible_os_family == "Debian"
- - ansible_distribution_major_version|int <= 16
- tags: always
-
- # chroot DEBs (Bionic and newer)
- - set_fact:
- chroot_deb: schroot
- when:
- - ansible_os_family == "Debian"
- - ansible_distribution_major_version|int >= 18
- tags: always
-
- # Universal RPMs
- - set_fact:
- universal_rpms:
- - createrepo
- - java-1.8.0-openjdk
- - git
- - libtool
- #- rpm-sign
- - autoconf
- - automake
- - cmake
- - binutils
- - bison
- - flex
- - gcc
- - gcc-c++
- - gettext
- - libtool
- - make
- - patch
- - pkgconfig
- - redhat-rpm-config
- - rpm-build
- - rpmdevtools
- - openssl-devel
- - libffi-devel
- - tmpwatch
- tmp_cleaner_name: tmpwatch
- tmp_cleaner_args: "14d /tmp/"
- when: ansible_os_family == "RedHat"
- tags: always
-
- # Libvirt RPMs
- - set_fact:
- libvirt_rpms:
- - qemu-kvm
- - libvirt-devel
- - libguestfs
- - libvirt
- - libguestfs-tools
- - vagrant
- when:
- - ansible_os_family == "RedHat"
- - libvirt|bool
- tags: always
-
- # EL7 RPMs
- - set_fact:
- epel_rpms:
- - jq
- - python-pip
- - python-devel
- - python-virtualenv
- - mock
- - docker
- container_service_name: docker
- container_certs_path: "/etc/docker/certs.d/{{ container_mirror }}"
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int <= 7
- tags: always
-
- # EL8 RPMs
- - set_fact:
- epel_rpms:
- - jq
- - python3-pip
- - python3-devel
- - python3-virtualenv
- - mock
- - podman
- container_service_name: podman
- container_certs_path: "/etc/containers/certs.d/{{ container_mirror }}"
- hackery_packages:
- - gcc
- - libguestfs-tools-c
- - libvirt
- - libvirt-devel
- - libxml2-devel
- - libxslt-devel
- - make
- - ruby-devel
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int == 8
- tags: always
-
- # EL9 RPMs
- - set_fact:
- epel_rpms:
- - jq
- - python3-pip
- - python3-devel
- - podman
- container_service_name: podman
- container_certs_path: "/etc/containers/certs.d/{{ container_mirror }}"
- hackery_packages:
- - gcc
- - libguestfs-tools-c
- - libvirt
- - libvirt-devel
- - libxml2-devel
- - libxslt-devel
- - make
- - ruby-devel
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int == 9
- tags: always
-
- # This package removed in EL9
- # This has to be a "list" otherwise it gets rendered as an empty string and the yum ansible module doesn't like that.
- - set_fact:
- lsb_package:
- - redhat-lsb-core
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int <= 8
- tags: always
-
- # OpenSUSE RPMs
- - set_fact:
- zypper_rpms:
- - autoconf
- - automake
- - binutils
- - bison
- - cmake
- - ccache
- - createrepo
- - flex
- - gcc
- - gcc-c++
- - gettext-runtime
- - git
- - java-1_8_0-openjdk
- - jq
- - libffi-devel
- - libopenssl-devel
- - libtool
- - lsb-release
- - make
- - patch
- - pkg-config
- - python2-pip
- - python2-virtualenv
- - python3-pip
- - python3-virtualenv
- - rpm-build
- - rpmdevtools
- - tig
- - wget
- # obs requirements
- - osc
- - build
- tmp_cleaner_name: tmpwatch
- tmp_cleaner_args: "14d /tmp/"
- when: ansible_os_family == "Suse"
- tags: always
-
- # OpenSUSE Libvirt RPMs (We've never tried this to date so more might be needed)
- - set_fact:
- zypper_libvirt_rpms:
- - libvirt
- - libvirt-devel
- - qemu
- - kvm
- - vagrant
- - ruby-devel
- when:
- - ansible_os_family == "Suse"
- - libvirt|bool
- tags: always
-
- ## Let's make sure we don't accidentally set up a permanent slave from Sepia as ephemeral
- - set_fact:
- permanent: true
- with_items: "{{ ansible_all_ipv4_addresses }}"
- when: "item.startswith('172.21.')"
- tags: always
-
- ## Let's make sure nodename gets set using our Sepia hostnames if the builder's in Sepia
- - set_fact:
- nodename: "{{ ansible_hostname }}"
- with_items: "{{ ansible_all_ipv4_addresses }}"
- when: "item.startswith('172.21.')"
- tags: always
-
- ## EPHEMERAL SLAVE TASKS
- # We would occasionally have issues with name resolution on the Ephemeral slaves
- # so we force them to use Google's DNS servers. This has to be done before
- # package-related tasks to avoid communication errors with various repos.
- - name: Ephemeral Slave Tasks
- block:
- - name: Uninstall resolvconf on Ubuntu to manually manage resolv.conf
- apt:
- name: resolvconf
- state: absent
- when: ansible_os_family == "Debian"
-
- - name: Check for NetworkManager conf
- stat:
- path: /etc/NetworkManager/NetworkManager.conf
- register: nm_conf
-
- - name: Tell NetworkManager to leave resolv.conf alone on CentOS
- lineinfile:
- dest: /etc/NetworkManager/NetworkManager.conf
- regexp: '^dns='
- line: 'dns=none'
- state: present
- when: ansible_os_family == "RedHat" and nm_conf.stat.exists
-
- - name: Tell dhclient to leave resolv.conf alone on Ubuntu
- lineinfile:
- dest: /etc/dhcp/dhclient.conf
- regexp: 'prepend domain-name-servers'
- line: 'supersede domain-name-servers 8.8.8.8;'
- state: present
- when: ansible_os_family == "Debian"
-
- - name: Use Google DNS for name resolution
- lineinfile:
- dest: /etc/resolv.conf
- regexp: '^nameserver'
- line: 'nameserver 8.8.8.8'
- state: present
-
- - name: Set Hostname with hostname command
- hostname:
- name: "ceph-builders"
- when: ansible_os_family != "Suse"
-
- # https://github.com/ansible/ansible/issues/42726
- - name: Set Hostname on OpenSUSE Leap
- command: 'hostname ceph-builders'
- when: ansible_os_family == "Suse"
-
- - name: Ensure that 127.0.1.1 is present with an actual hostname
- lineinfile:
- backup: yes
- dest: /etc/hosts
- line: '127.0.1.1 ceph-builders'
-
- - name: Update etc cloud templates for debian /etc/hosts
- lineinfile:
- backup: yes
- dest: /etc/cloud/templates/hosts.debian.tmpl
- line: '127.0.1.1 ceph-builders'
- when: ansible_os_family == "Debian"
-
- - name: Update /etc/cloud templates for Red Hat /etc/hosts
- lineinfile:
- backup: yes
- dest: /etc/cloud/templates/hosts.redhat.tmpl
- line: '127.0.1.1 ceph-builders'
- failed_when: false
- when: ansible_os_family == "RedHat"
-
- - name: Update /etc/cloud templates for Suse /etc/hosts
- lineinfile:
- backup: yes
- dest: /etc/cloud/templates/hosts.suse.tmpl
- line: '127.0.1.1 ceph-builders'
- failed_when: false
- when: ansible_os_family == "Suse"
-
- - name: Stop and disable daily apt activities
- command: "{{ item }}"
- with_items:
- - systemctl stop apt-daily.timer
- - systemctl disable apt-daily.timer
- - systemctl disable apt-daily.service
- - systemctl daemon-reload
- when: ansible_os_family == "Debian"
- # Just in case. This isn't a super important task and might not even be required.
- ignore_errors: true
- when: not permanent|bool
-
- ## VAGRANT REPO TASKS (for libvirt slaves)
- # vagrant doesn't have repositories, this chacra repo will be better to have
- # around and can get updates as soon as a new vagrant version is published via
- # chacractl
- - name: Vagrant/Libvirt Repo Tasks
- block:
- - name: Add our vagrant DEB repository
- apt_repository:
- repo: "deb [trusted=yes] https://chacra.ceph.com/r/vagrant/latest/HEAD/ubuntu/{{ ansible_distribution_release }}/flavors/default/ {{ ansible_distribution_release }} main"
- state: present
- when: ansible_os_family == "Debian"
-
- - name: Add our vagrant RPM repository
- yum_repository:
- name: vagrant
- description: self-hosted vagrant repo
- # Although this is a 'CentOS7' repo, the vagrant RPM is OS-version agnostic
- baseurl: "https://chacra.ceph.com/r/vagrant/latest/HEAD/centos/7/flavors/default/x86_64/"
- enabled: yes
- gpgcheck: no
- when: ansible_os_family == "RedHat"
- when: libvirt|bool
-
- ## PACKAGE INSTALLATION TASKS
- # We do this in one big task to save time and avoid using `with` loops. If a variable isn't defined, it's fine because of the |defaults.
- - name: Install DEBs
- apt:
- name: "{{ universal_debs + libvirt_debs|default([]) + python2_debs|default([]) + python3_debs|default([]) + [ chroot_deb|default('') ] }}"
- state: latest
- update_cache: yes
- when: ansible_os_family == "Debian"
-
- # Sometimes, slaves would connect to Jenkins and try to run an apt transaction right away. Except apt-daily/unattended-upgrades has the dpkg lock so the Jenkins job would fail.
- - name: Uninstall unattended-upgrades
- package:
- name: unattended-upgrades
- state: absent
- when: ansible_os_family == "Debian"
-
- - name: Install EPEL repo
- yum:
- name: epel-release
- state: latest
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int <= 8
-
- - name: Install RPMs without EPEL
- yum:
- name: "{{ universal_rpms + libvirt_rpms|default([]) + lsb_package|default([]) }}"
- state: present
- disablerepo: epel
- when: ansible_os_family == "RedHat"
-
- - name: Install RPMs with EPEL
- yum:
- name: "{{ epel_rpms|default([]) }}"
- state: latest
- enablerepo: epel
- when: ansible_os_family == "RedHat"
-
- - name: Install Suse RPMs
- zypper:
- name: "{{ zypper_rpms + zypper_libvirt_rpms|default([]) }}"
- state: latest
- update_cache: yes
- when: ansible_os_family == "Suse"
-
- ## JENKINS USER TASKS
- - set_fact:
- jenkins_groups:
- - "{{ jenkins_user }}"
- - libvirtd
- when:
- - ansible_os_family == "Debian"
- - ansible_distribution_version == '16.04'
- - libvirt|bool
-
- # The group name changed to 'libvirt' in Ubuntu 16.10 and is already 'libvirt' everywhere else
- - set_fact:
- jenkins_groups:
- - "{{ jenkins_user }}"
- - libvirt
- when:
- - not (ansible_os_family == "Debian" and ansible_distribution_version == '16.04')
- - libvirt|bool
-
- - name: "Create a {{ jenkins_user }} group"
- group:
- name: "{{ jenkins_user }}"
- state: present
-
- - name: "Create a {{ jenkins_user }} user"
- user:
- name: "{{ jenkins_user }}"
- # This will add to the jenkins_user and appropriate libvirt group if jenkins_groups is defined.
- # Otherwise, default to just adding to {{ jenkins_user }} group.
- groups: "{{ jenkins_groups|default(jenkins_user) }}"
- state: present
- comment: "Jenkins Build Slave User"
-
- - name: "Add {{ jenkins_user }} to mock group"
- user:
- name: "{{ jenkins_user }}"
- groups: mock
- append: yes
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int <= 8
-
- - name: "Create a {{ jenkins_user }} home directory"
- file:
- path: "/home/{{ jenkins_user }}/"
- state: directory
- owner: "{{ jenkins_user }}"
-
- - name: Create .ssh directory
- file:
- path: "/home/{{ jenkins_user }}/.ssh"
- state: directory
- owner: "{{ jenkins_user }}"
-
- # On a mita/prado provisioned slave, everything gets put into a 'playbook' dir.
- # Otherwise it can be found in files/ssh/...
- - set_fact:
- jenkins_key: "{{ lookup('first_found', key_locations) }}"
- vars:
- key_locations:
- - "playbook/files/ssh/keys/jenkins_build.pub"
- - "files/ssh/keys/jenkins_build.pub"
-
- # And worst case scenario, we just pull the key from github.
- - name: Set the authorized keys
- authorized_key:
- user: "{{ jenkins_user }}"
- key: "{{ lookup('file', '{{ jenkins_key }}')|default('https://raw.githubusercontent.com/ceph/ceph-build/master/ansible/files/ssh/keys/jenkins_build.pub') }}"
-
- - name: "Ensure {{ jenkins_user }} can sudo without a prompt"
- lineinfile:
- dest: /etc/sudoers
- regexp: '^{{ jenkins_user }} ALL'
- line: '{{ jenkins_user }} ALL=(ALL:ALL) NOPASSWD:ALL'
- validate: 'visudo -cf %s'
- when: grant_sudo|bool
-
- - name: Set utf-8 for LC_ALL
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LC_ALL='
- line: "export LC_ALL=en_US.UTF-8"
- create: true
- state: present
-
- - name: Set utf-8 for LANG
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LANG='
- line: "export LANG=en_US.UTF-8"
-
- - name: Set utf-8 for LANGUAGE
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.bashrc"
- regexp: '^export LANGUAGE='
- line: "export LANGUAGE=en_US.UTF-8"
-
- - name: Ensure the build dir exists
- file:
- path: "/home/{{ jenkins_user }}/build"
- state: directory
- owner: "{{ jenkins_user }}"
-
- - name: Create .config/osc directory
- file:
- path: "/home/{{ jenkins_user }}/.config/osc"
- state: directory
- owner: "{{ jenkins_user }}"
- when: ansible_os_family == "Suse"
-
- - name: Add oscrc file
- blockinfile:
- create: yes
- block: |
- [general]
- apiurl = https://api.opensuse.org
- build-root = /home/{{ jenkins_user }}/osc/%(repo)s-%(arch)s
- [https://api.opensuse.org]
- user = {{ osc_user }}
- pass = {{ osc_pass }}
- path: "/home/{{ jenkins_user }}/.config/osc/oscrc"
- become_user: "{{ jenkins_user }}"
- when: ansible_os_family == "Suse"
-
- - name: Ensure the home dir has the right owner permissions
- file:
- path: "/home/{{ jenkins_user }}"
- state: directory
- owner: "{{ jenkins_user }}"
- group: "{{ jenkins_user }}"
- recurse: yes
- follow: no
-
- ## DEBIAN GPG KEY TASKS
- - name: Install Debian GPG Keys on Ubuntu
- block:
- - name: Add the Debian Buster Key
- apt_key:
- id: 3CBBABEE
- url: https://ftp-master.debian.org/keys/archive-key-10.asc
- keyring: /etc/apt/trusted.gpg
- state: present
-
- - name: Add the Debian Security Buster Key
- apt_key:
- id: CAA96DFA
- url: https://ftp-master.debian.org/keys/archive-key-10-security.asc
- keyring: /etc/apt/trusted.gpg
- state: present
-
- - name: Add the Debian Buster Stable Key
- apt_key:
- id: 77E11517
- url: https://ftp-master.debian.org/keys/release-10.asc
- keyring: /etc/apt/trusted.gpg
- state: present
- when: ansible_os_family == "Debian"
-
- ## VAGRANT PLUGIN TASKS
- - name: Install vagrant-libvirt plugin
- block:
- - name: Install the vagrant-libvirt plugin (without args)
- shell: vagrant plugin install vagrant-libvirt --plugin-version 0.3.0
- become_user: "{{ jenkins_user }}"
- when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int <= 7) or
- (ansible_os_family == "Debian" and ansible_distribution_major_version|int <= 18)
-
- - name: Install packages needed to build krb5 from source (EL8)
- dnf:
- name: "{{ hackery_packages }}"
- state: present
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8
-
- - name: Build krb5 library from source (EL8)
- shell: |
- cd $(mktemp -d)
- wget https://vault.centos.org/8.4.2105/BaseOS/Source/SPackages/krb5-1.18.2-8.el8.src.rpm
- rpm2cpio krb5-1.18.2-8.el8.src.rpm | cpio -imdV
- tar xf krb5-1.18.2.tar.gz; cd krb5-1.18.2/src
- LDFLAGS='-L/opt/vagrant/embedded/' ./configure
- make
- sudo cp lib/libk5crypto.* /opt/vagrant/embedded/lib/
- wget https://vault.centos.org/8.4.2105/BaseOS/Source/SPackages/libssh-0.9.4-2.el8.src.rpm
- rpm2cpio libssh-0.9.4-2.el8.src.rpm | cpio -imdV
- tar xf libssh-0.9.4.tar.xz
- mkdir build
- cd build
- cmake ../libssh-0.9.4 -DOPENSSL_ROOT_DIR=/opt/vagrant/embedded/
- make
- cp lib/libssh* /opt/vagrant/embedded/lib64
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8
-
- # https://github.com/vagrant-libvirt/vagrant-libvirt/issues/1127#issuecomment-713651332
- - name: Install the vagrant-libvirt plugin (EL8)
- command: vagrant plugin install vagrant-libvirt --plugin-version 0.3.0
- become_user: "{{ jenkins_user }}"
- environment:
- CONFIGURE_ARGS: 'with-ldflags=-L/opt/vagrant/embedded/lib with-libvirt-include=/usr/include/libvirt with-libvirt-lib=/usr/lib'
- GEM_HOME: '~/.vagrant.d/gems'
- GEM_PATH: '$GEM_HOME:/opt/vagrant/embedded/gems'
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8
-
- - name: Install the vagrant-libvirt plugin (Suse)
- command: vagrant plugin install vagrant-libvirt
- become_user: "{{ jenkins_user }}"
- environment:
- CONFIGURE_ARGS: 'with-libvirt-include=/usr/include/libvirt with-libvirt-lib=/usr/lib64'
- when: ansible_os_family == "Suse"
-
- - name: Install the vagrant-libvirt plugin (Focal)
- command: vagrant plugin install vagrant-libvirt
- become_user: "{{ jenkins_user }}"
- environment:
- CONFIGURE_ARGS: 'with-libvirt-include=/usr/include/libvirt with-libvirt-lib=/usr/lib'
- when: ansible_os_family == "Debian" and ansible_distribution_major_version|int >= 20
- when: libvirt|bool
-
- ## RPMMACROS TASKS
- - name: rpmmacros Tasks
- block:
- - name: Ensure the rpmmacros file exists to fix centos builds
- file:
- path: "/home/{{ jenkins_user }}/.rpmmacros"
- owner: "{{ jenkins_user }}"
- state: touch
-
- - name: Write the rpmmacros needed in centos
- lineinfile:
- dest: "/home/{{ jenkins_user }}/.rpmmacros"
- regexp: '^%dist'
- line: '%dist .el{{ ansible_distribution_major_version }}'
- when: ansible_os_family == "RedHat"
-
- ## tmpwatch/tmpreaper TASKS
- - name: tmpwatch/tmpreaper Tasks
- block:
- # In case we're running 'ansible-playbook --tags tmp'
- - name: "Make sure {{ tmp_cleaner_name }} is installed"
- package:
- name: "{{ tmp_cleaner_name }}"
- state: present
-
- - name: Disable tmpreaper cron.daily timer
- file:
- path: /etc/cron.daily/tmpreaper
- state: absent
- when: ansible_os_family == "Debian"
-
- - name: Create tmp cleaning cronjob
- cron:
- name: "Delete /tmp files that have not been accessed in 14 days"
- special_time: daily
- job: "{{ tmp_cleaner_name }} {{ tmp_cleaner_args }}"
- when: permanent|bool
- tags: tmp
-
- ## GITCONFIG TASKS
- - name: Ensure the gitconfig file exists
- shell: printf "[user]\name=Ceph CI\nemail=ceph-release-team@redhat.com\n" > /home/{{ jenkins_user }}/.gitconfig
- tags: github
-
- - name: Ensure the gitconfig file has right permissions
- file:
- path: "/home/{{ jenkins_user }}/.gitconfig"
- owner: "{{ jenkins_user }}"
- tags: github
-
- # On a mita/prado provisioned slave, everything gets put into a 'playbook' dir.
- # If all else fails, get it from github (using the |default)
- - set_fact:
- github_key: "{{ lookup('first_found', key_locations) }}"
- vars:
- key_locations:
- # github.com.pub is the output of `ssh-keyscan github.com`
- - "playbook/files/ssh/hostkeys/github.com.pub"
- - "files/ssh/hostkeys/github.com.pub"
- tags: github
-
- - name: Add github.com host key
- known_hosts:
- name: github.com
- path: '/etc/ssh/ssh_known_hosts'
- key: "{{ lookup('file', '{{ github_key }}')|default('https://raw.githubusercontent.com/ceph/ceph-build/master/ansible/files/ssh/hostkeys/github.com.pub') }}"
- tags: github
-
- ## PIP TASKS
- - set_fact:
- pip_version: pip
- ansible_python_interpreter: /usr/bin/python
- when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int <= 7) or
- (ansible_os_family == "Debian" and ansible_distribution_major_version|int <= 16)
- tags:
- - register
-
- - set_fact:
- pip_version: pip3
- ansible_python_interpreter: /usr/bin/python3
- when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8) or
- (ansible_os_family == "Debian" and ansible_distribution_major_version|int >= 18) or
- ansible_os_family == "Suse"
- tags:
- - register
-
- - name: Install six, latest one
- pip:
- name: six
- state: latest
- executable: "{{ pip_version }}"
- when: ansible_os_family != "Suse"
- tags:
- - register
-
- - name: Install python-jenkins
- # https://review.openstack.org/460363
- pip:
- name: python-jenkins
- version: 0.4.15
- executable: "{{ pip_version }}"
- tags:
- - register
-
- ## LIBVIRT SERVICE TASKS
- - name: start libvirt services
- service:
- name: "{{ item }}"
- state: restarted
- with_items:
- - libvirtd
- - libvirt-guests
- when: libvirt|bool
-
- ## CONTAINER SERVICE TASKS
- - name: Container Tasks
- block:
- - name: "Create {{ container_certs_path }}"
- file:
- path: "{{ container_certs_path }}"
- state: directory
-
- - name: "Copy {{ container_mirror }} self-signed cert"
- copy:
- dest: "{{ container_certs_path }}/docker-mirror.crt"
- content: |
- -----BEGIN CERTIFICATE-----
- MIIGRTCCBC2gAwIBAgIUPCTsbv8FMCQdzmusdvXTdO8UaKMwDQYJKoZIhvcNAQEL
- BQAwgbExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEUMBIGA1UEBwwLTW9ycmlz
- dmlsbGUxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xDTALBgNVBAsMBENlcGgxKzAp
- BgNVBAMMImRvY2tlci1taXJyb3IuZnJvbnQuc2VwaWEuY2VwaC5jb20xKzApBgkq
- hkiG9w0BCQEWHGNlcGgtaW5mcmEtYWRtaW5zQHJlZGhhdC5jb20wHhcNMjAxMTEy
- MDAwMjM1WhcNMjAxMjEyMDAwMjM1WjCBsTELMAkGA1UEBhMCVVMxCzAJBgNVBAgM
- Ak5DMRQwEgYDVQQHDAtNb3JyaXN2aWxsZTEWMBQGA1UECgwNUmVkIEhhdCwgSW5j
- LjENMAsGA1UECwwEQ2VwaDErMCkGA1UEAwwiZG9ja2VyLW1pcnJvci5mcm9udC5z
- ZXBpYS5jZXBoLmNvbTErMCkGCSqGSIb3DQEJARYcY2VwaC1pbmZyYS1hZG1pbnNA
- cmVkaGF0LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALUfPWaA
- Gyuu+McgrPmPBafco3NjOQ2Na8rfLA5X0pz1tTfWgmtwuzhgKR674Nh6yz1WKXmS
- ic5416dSx6r8NnBXkPSVLP3HlejPki1ohrqm9M1rXdPqvdmzV5TcRvmmLljo1IjI
- Glwhv+XjJlKPLOUmi4Yk8cmgwVThc9OGC67sve2oDY0+JufFdiMPB5OLi13t9vPz
- lixFzHXsss4KgD95Ou2PVLQpPCJ4Bxyar5BR0sb4+b2J0b3V3sxg/bvuOdlUuxAy
- yCogtCTVXCBsERJ3wVI28MsibfBy+tLbNMbIJTZC+LblFOKfxbNiLGNv6z2NQ12h
- S9C3YCxmgs8b3h9dkQtTj0/7/kpOppLPTvU9v/MOt177biTlbw8QQAjYyZYdXkZT
- 6LwdQmQQGCIQUUaMoeZgIplxEu7My1Gk3M2dfy/c36+r/olfbuTxPav2y9/wwjV2
- 2TrmbSTrAxZwFVvlb9wJCpW6jKh+Cl55XS4wFmEdgf5OJC8W2Rsa69pUmFnro+2z
- d6zXlDXj5lxdqwSu6FF/PkImToUJ2J9hvotejIdRIJ/TfowwVygqC9k3wgRDYRut
- q/tmorElTMDmwt1sATuvK81WkTZ28d3hcg5Xu9o1qwCQnKRHUeOOyP4M6c0lSvLb
- lkZsptmUHyslGBlc9MOd6kH4REZH9x2pga2nAgMBAAGjUzBRMB0GA1UdDgQWBBSk
- 4Vk1KYHJ4VmDAorKCtSx5RVD7TAfBgNVHSMEGDAWgBSk4Vk1KYHJ4VmDAorKCtSx
- 5RVD7TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBYaG8PFoE5
- PSdIwjT2NRV0ARC+xkM/P8Vo4H2tYewSz/wGwdfjpz7NJD/os6Tiff6BWBaD75t0
- 2X2MLXeGT2vOJ05hoETCJ1PqHSSlBXkH8De925lGfz4lTeS0gz6qZuEWxeN0Utib
- 5Q3hq7OByS6I8L5kE6L9acFzKqbIOtJOWXXx9J4B7GEUoE+Jk5Vm6yfH4AeGhEbT
- bQ8J5FbP+zk6iPkXGQdb/3aUBbOCn5OCSmERcTPyK9XzuyBz6wkFjZ9PAvbFLvOI
- bD1KGIte1Np4jrM4ur924vjZTxm+wVKFDNS64J8t48yN2LUS2pV2zfwC6ACHypf4
- WhsGpd1hNy+ZGt0dIrgRgKkttNx5VoVaLgzn3ozFz5BXbdHRCXV2BmY36QDzGQqw
- 2BdKeJ/7INdB9NkGSkJYTvkNAS9YixqATxNsaOMt35HRADUlPQoUqzxIEujJzYdz
- LVpzeTMNDxASqDG1MRIjNDp6l2xgC+H5wVpm5wn4eGvf4A7GXr35Q1TNRzmHayiP
- FBp0Epiy+oFS1Xd/WQvMHCQMT4HoKSGf5u0++DpU1E5vN29vrxIOZ4+a9a5kZA95
- QnsemvTiYf3C1xktkYR9AmUqYqCDTp/5nfqbQibRO0Chpy5UnhAXujkL0ABeaSaz
- MViiJ2AX7vk2E++MXkBhi4IMyz0Vw2lPhg==
- -----END CERTIFICATE-----
- when: ansible_os_family == "RedHat"
-
- ## JENKINS SLAVE AGENT TASKS
- # We use SSH for ephemeral slaves
- - name: Register ephemeral slave using SSH
- jenkins_node:
- username: "{{ api_user }}"
- uri: "{{ api_uri }}"
- password: "{{ token }}"
- # relies on a convention to set a unique name that allows a reverse
- # mapping from Jenkins back to whatever service created the current
- # node
- name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
- labels: "{{ labels }}"
- host: "{{ ansible_default_ipv4.address }}"
- credentialsId: "{{ jenkins_credentials_uuid }}"
- remoteFS: '/home/{{ jenkins_user }}/build'
- executors: '{{ executors|default(1) }}'
- exclusive: true
- when: not permanent|bool
- tags: register
-
- - name: Register Permanent Slave
- block:
- - name: Register permenant slave using JNLP
- jenkins_node:
- username: "{{ api_user }}"
- uri: "{{ api_uri }}"
- password: "{{ token }}"
- # relies on a convention to set a unique name that allows a reverse
- # mapping from Jenkins back to whatever service created the current
- # node
- name: "{{ ansible_default_ipv4.address }}+{{ ansible_hostname }}"
- labels: "{{ labels }}"
- host: "{{ ansible_default_ipv4.address }}"
- credentialsId: "{{ jenkins_credentials_uuid }}"
- launcher: 'hudson.slaves.JNLPLauncher'
- remoteFS: '/home/{{ jenkins_user }}/build'
- executors: '{{ executors|default(1) }}'
- exclusive: true
-
- - name: Download slave.jar
- get_url:
- url: "{{ api_uri }}/jnlpJars/slave.jar"
- dest: "/home/{{ jenkins_user }}/slave.jar"
- force: yes
- register: jar_changed
-
- - name: Install the systemd unit files for jenkins
- template:
- src: "templates/systemd/jenkins.{{ item }}.j2"
- dest: "/etc/systemd/system/jenkins.{{ item }}"
- with_items:
- - service
- - secret
- register: unit_files_changed
-
- - name: Reload systemd unit files (to pick up potential changes)
- systemd:
- daemon_reload: yes
-
- - name: Start jenkins service
- service:
- name: jenkins
- state: started
- enabled: yes
-
- - name: REstart jenkins service (if necessary)
- service:
- name: jenkins
- state: restarted
- enabled: yes
- when: jar_changed is changed or unit_files_changed is changed
- when: permanent|bool
- tags: register
host:
description:
- - hostname or IP for the host to connect to the slave
+ - hostname or IP for the host to connect to the builder
requirements: ['python-jenkins']
author:
- hosts: localhost
vars:
- # should be passed in the CLI like `--extra-vars "version=1.23.45 branch=master"`
+ # should be passed in the CLI like `--extra-vars "version=1.23.45 branch=main"`
version: 0-dev # e.g. 0.78
- branch: master # any existing branch on Github
+ branch: main # any existing branch on Github
release: STABLE # STABLE, RELEASE_CANDIDATE, HOTFIX, and SECURITY are valid options
tag_name: "v{{ version}}"
project: "ceph"
ansible-jenkins
===============
-This role will allow you to install a new Jenkins master from scratch or manage an existing instance.
+This role will allow you to install a new Jenkins server from scratch or manage an existing instance.
It assumes the following:
Initial Installation
--------------------
-To set up a new Jenkins master from scratch:
+To set up a new Jenkins server from scratch:
1. ``cd ceph-build/ansible``
-2. ``cp examples/master.yml .``
-3. ``ansible-playbook master.yml --limit="new.jenkins.example.com" --extra-vars="{github_oauth_client: 'foo',github_oauth_secret: 'bar'}"``
-4. Continue with https://github.com/ceph/ceph-sepia-secrets/blob/master/jenkins-master.rst
+2. ``cp examples/controller.yml .``
+3. ``ansible-playbook controller.yml --limit="new.jenkins.example.com" --extra-vars="{github_oauth_client: 'foo',github_oauth_secret: 'bar'}"``
+4. Continue with https://github.com/ceph/ceph-sepia-secrets/blob/main/jenkins-controller.rst
</userRemoteConfigs>
<branches>
<hudson.plugins.git.BranchSpec>
- <name>master</name>
+ <name>main</name>
</hudson.plugins.git.BranchSpec>
</branches>
<excludedUsers/>
-examples/slave.yml
\ No newline at end of file
+builder.yml
\ No newline at end of file
+++ /dev/null
-[rpm]
-jenkins-centos6-5.front.sepia.ceph.com
-jenkins-centos7.front.sepia.ceph.com
-jenkins-centos6-5b.front.sepia.ceph.com
-jenkins-centos7b.front.sepia.ceph.com
-
-[deb]
-mira062.front.sepia.ceph.com
- project:
name: ceph-ansible-prs-braggi-adami
- slave_labels: 'vagrant && libvirt && (braggi||adami)'
+ builder_labels: 'vagrant && libvirt && (braggi||adami)'
distribution:
- centos
deployment:
- project:
name: ceph-ansible-prs
- slave_labels: 'vagrant && libvirt && (smithi || braggi || centos8)'
+ builder_labels: 'vagrant && libvirt && (smithi || braggi || centos8)'
distribution:
- centos
deployment:
- project:
name: ceph-ansible-prs-docker2podman
- slave_labels: 'vagrant && libvirt && (smithi || braggi || centos8)'
+ builder_labels: 'vagrant && libvirt && (smithi || braggi || centos8)'
distribution:
- centos
deployment:
- project:
name: ceph-ansible-prs-cephadm
- slave_labels: 'vagrant && libvirt && (adami || braggi)'
+ builder_labels: 'vagrant && libvirt && (adami || braggi)'
distribution:
- centos
deployment:
- project:
name: ceph-ansible-prs-purge-dashboard
- slave_labels: 'vagrant && libvirt && (adami || braggi)'
+ builder_labels: 'vagrant && libvirt && (adami || braggi)'
distribution:
- centos
deployment:
- project:
name: ceph-ansible-prs-common-trigger
- slave_labels: 'vagrant && libvirt && (smithi || braggi || centos8)'
+ builder_labels: 'vagrant && libvirt && (smithi || braggi || centos8)'
distribution:
- centos
deployment:
- job-template:
name: 'ceph-ansible-prs-{distribution}-{deployment}-{scenario}'
id: 'ceph-ansible-prs-auto'
- node: '{slave_labels}'
+ node: '{builder_labels}'
concurrent: true
defaults: global
display-name: 'ceph-ansible: Pull Requests [{distribution}-{deployment}-{scenario}]'
- job-template:
name: 'ceph-ansible-prs-{distribution}-{deployment}-{scenario}'
id: 'ceph-ansible-prs-common-trigger'
- node: '{slave_labels}'
+ node: '{builder_labels}'
concurrent: true
defaults: global
display-name: 'ceph-ansible: Pull Requests [{distribution}-{deployment}-{scenario}]'
}
function main() {
- # install some of our dependencies if running on a jenkins slave
+ # install some of our dependencies if running on a jenkins builder
if [[ -n "$HUDSON_URL" ]]
then
sudo yum -y install epel-release
}
function main() {
- # install some of our dependencies if running on a jenkins slave
+ # install some of our dependencies if running on a jenkins builder
if [[ -n "$HUDSON_URL" ]]
then
sudo yum -y install epel-release
- job:
name: ceph-dev-build
- node: master
+ node: controller
project-type: matrix
defaults: global
display-name: 'ceph-dev-build'
- job:
name: 'ceph-dev-cron'
- node: master
+ node: controller
project-type: freestyle
defaults: global
concurrent: true
- job:
name: ceph-dev-new-build
- node: master
+ node: controller
project-type: matrix
defaults: global
display-name: 'ceph-dev-new-build'
- job:
name: ceph-dev-new-trigger
- node: master
+ node: controller
project-type: freestyle
defaults: global
quiet-period: 5
- job:
name: ceph-dev-new
description: 'This job builds branches from https://github.com/ceph/ceph-ci for testing purposes.'
- node: master
+ node: controller
project-type: multijob
defaults: global
concurrent: true
- job:
disabled: true
name: ceph-dev-trigger
- node: master
+ node: controller
project-type: freestyle
defaults: global
quiet-period: 5
- job:
name: ceph-dev
description: 'This job builds branches from https://github.com/ceph/ceph for testing purposes.'
- node: master
+ node: controller
project-type: multijob
defaults: global
concurrent: true
- job:
name: ceph-iscsi-cli-trigger
- node: master
+ node: controller
project-type: freestyle
defaults: global
quiet-period: 5
- job:
name: ceph-iscsi-config-trigger
- node: master
+ node: controller
project-type: freestyle
defaults: global
quiet-period: 5
- job:
name: ceph-iscsi-tools-trigger
- node: master
+ node: controller
project-type: freestyle
defaults: global
quiet-period: 5
- job:
name: ceph-iscsi-trigger
- node: master
+ node: controller
project-type: freestyle
defaults: global
quiet-period: 5
- job:
name: ceph-pr-arm-trigger
- node: master
+ node: controller
# disabled for now because this is not passing the right BRANCH to
# `ceph-dev` which causes failures there
disabled: true
- job:
name: kernel-trigger
- node: master
+ node: controller
project-type: freestyle
defaults: global
quiet-period: 5
- job:
name: mita-deploy
- node: master
+ node: controller
description: "This job clones mita and deploys it to its production server based on the BRANCH value"
display-name: 'mita-deploy'
block-downstream: false
sudo yum-config-manager --enable PowerTools || sudo yum-config-manager --enable powertools
fi
-# Clean up Jenkins slave before each build
+# Clean up Jenkins builder before each build
sudo rm -rf /var/cache/yum/*
sudo yum -y clean all
sudo yum -y remove librgw-devel librgw2 librados-devel librados3 libcephfs-devel libcephfs2
# 2.6 and 2.7)
#
# These job-specific requirements aren't met by the services in charge of
-# creating slaves (mainly prado.ceph.com) because those slaves have "generic"
+# creating Jenkins builders (mainly prado.ceph.com) because those slaves have "generic"
# requirements and usually do not care about specific needs like Python 2.6
cd "$WORKSPACE/ceph-build/ceph-deploy-pull-requests/setup/playbooks"
- job:
name: rtslib-fb-trigger
- node: master
+ node: controller
project-type: freestyle
defaults: global
quiet-period: 5
- job:
name: samba-trigger
- node: master
+ node: controller
project-type: freestyle
defaults: global
quiet-period: 5
mkdir -p $PIP_SDIST_INDEX
# We started pinning pip to 10.0.0 as the default to prevent mismatching
- # versions on non-ephemeral slaves. Some jobs require different or latest
+ # versions on non-ephemeral Jenkins builders. Some jobs require different or latest
# pip though so these if statements allow for that.
# Updated to 20.3.4 in March 2021 because 10.0.0 is just too old.
if [ "$2" == "latest" ]; then
export LC_ALL=en_US.UTF-8
# We started pinning pip to 10.0.0 as the default to prevent mismatching
- # versions on non-ephemeral slaves. Some jobs require different or latest
+ # versions on non-ephemeral Jenkins builders. Some jobs require different or latest
# pip though so these if statements allow for that.
# Updated to 20.3.4 in March 2021 because 10.0.0 is just too old.
if [ "$2" == "latest" ]; then
else
# this assumes that newer Debian releases are being added to
# /etc/apt/trusted.gpg that is also the default location for Ubuntu trusted
- # keys. The slave should ensure that the needed keys are added accordingly
+ # keys. The Jenkins builder should ensure that the needed keys are added accordingly
# to this location.
debootstrapopts='DEBOOTSTRAPOPTS=( "--keyring" "/etc/apt/trusted.gpg" )'
fi
sudo service libvirt-guests restart
}
-# Function to update vagrant boxes on static libvirt slaves used for ceph-ansible and ceph-docker testing
+# Function to update vagrant boxes on static libvirt Jenkins builders used for ceph-ansible and ceph-docker testing
update_vagrant_boxes() {
outdated_boxes=`vagrant box outdated --global | grep 'is outdated' | awk '{ print $2 }' | tr -d "'"`
if [ -n "$outdated_boxes" ]; then
# this is meant to be run in a testing scenario directory
# with running vagrant vms. the ansible playbook will connect
# to your test nodes and fetch any ceph logs that are present
- # in /var/log/ceph and store them on the jenkins slave.
+ # in /var/log/ceph and store them on the jenkins builder.
# these logs can then be archived using the JJB archive publisher
limit=$1
- job:
name: tcmu-runner-trigger
- node: master
+ node: controller
project-type: freestyle
defaults: global
quiet-period: 5
projects / ceph-build.git / commitdiff