From: Andrew Schoen <aschoen@redhat.com>
Date: Tue, 13 Sep 2016 19:55:20 +0000 (-0500)
Subject: ansible: adds an example playbook for configuring static slaves
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=ca9a70f3d1119562b0dfbf844cd63c0c4a8bbf31;p=ceph-build.git

ansible: adds an example playbook for configuring static slaves

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
---

diff --git a/ansible/examples/slave_static.yml b/ansible/examples/slave_static.yml
new file mode 100644
index 00000000..4b02eab6
--- /dev/null
+++ b/ansible/examples/slave_static.yml
@@ -0,0 +1,283 @@
+---
+# This playbook is used to configure static jenkins slaves. It uses
+# a hosts file so that nodename can be set per host.
+#
+# install python2.7 on xenial nodes
+- hosts: all
+  sudo: yes
+# this will most likely need changed
+  user: admin 
+  gather_facts: false
+  tasks:
+    - name: install python-simplejson
+      raw: sudo apt-get -y install python-simplejson
+      # so that this is ignored on rpm nodes
+      failed_when: false
+
+- hosts: all
+  sudo: true
+# this will most likely need changed
+  user: admin 
+  vars:
+   - jenkins_user: 'jenkins-build'
+   # jenkins API credentials:
+   - api_user: 'ceph-jenkins'
+   - token: '{{ token }}'
+   - api_uri: 'https://jenkins.ceph.com'
+   # this is set in the hosts file
+   # - nodename: '{{ nodename }}'
+   - labels: '{{ labels }}'
+   - use_jnlp: true 
+
+  tasks:
+    - name: create a {{ jenkins_user }} user
+      user: name={{ jenkins_user }} comment="Jenkins Build Slave User"
+
+    - name: create a {{ jenkins_user }} home directory
+      file:
+        path: "/home/{{ jenkins_user }}/"
+        state: directory
+        owner: "{{ jenkins_user }}"
+
+    - name: Create .ssh directory
+      file:
+        path: "/home/{{ jenkins_user }}/.ssh"
+        state: directory
+        owner: "{{ jenkins_user }}"
+
+    - name: set the authorized keys
+      authorized_key: user={{ jenkins_user }} key="{{ lookup('file', 'files/ssh/keys/jenkins_build.pub') }}"
+
+    - name: ensure {{ jenkins_user }} can sudo without a prompt
+      sudo: yes
+      lineinfile:
+        dest: /etc/sudoers
+        regexp: '^{{ jenkins_user }} ALL'
+        line: '{{ jenkins_user }}   ALL=(ALL:ALL) NOPASSWD:ALL'
+        validate: 'visudo -cf %s'
+
+    - name: ensure the build dir exists
+      file: path=/home/{{ jenkins_user }}/build state=directory owner={{ jenkins_user }}
+
+    - name: ensure the home dir has the right owner permissions
+      file: path=/home/{{ jenkins_user }} state=directory owner={{ jenkins_user }} group={{ jenkins_user }} recurse=yes
+
+    # smithi nodes do not have epel repos
+    - name: install an yum epel repo
+      sudo: yes
+      template:
+        src: "templates/yum-repos/epel.repo"
+        dest: "/etc/yum.repos.d/epel.repo"
+        owner: root
+        group: root
+        mode: 0644
+      when: ansible_pkg_mgr  == "yum"
+
+    - name: Install RPM requirements
+      sudo: yes
+      yum:
+        name: "{{ item }}"
+        state: present
+        update_cache: yes
+      with_items:
+        - createrepo
+        - epel-release
+        - java-1.7.0-openjdk
+        - git
+        - python-pip
+        - python-virtualenv
+        - libtool
+        #- rpm-sign
+        - autoconf
+        - redhat-lsb-core
+        - automake
+        - binutils
+        - bison
+        - flex
+        - gcc
+        - gcc-c++
+        - gettext
+        - libtool
+        - make
+        - patch
+        - pkgconfig
+        - redhat-rpm-config
+        - rpm-build
+        - rpmdevtools
+        - openssl-devel
+        - libffi-devel
+      when: ansible_pkg_mgr  == "yum"
+
+    # Run the equivalent of "apt-get update" as a separate step
+    - apt: update_cache=yes
+      when: ansible_pkg_mgr  == "apt"
+
+    - name: Install DEB requirements
+      sudo: yes
+      apt: name={{ item }} state=present
+      with_items:
+        - git
+        - fakeroot
+        - fakeroot-ng
+        - debhelper
+        - reprepro
+        - dchroot
+        - devscripts
+        - pbuilder
+        - pkg-config
+        - python-dev
+        - python-pip
+        - python-virtualenv
+        - libtool
+        - autotools-dev
+        - automake
+        - debian-archive-keyring
+        # jenkins-job-builder job:
+        - libyaml-dev
+        # ceph-docs job:
+        - doxygen
+        - ditaa
+        - ant
+      when: ansible_pkg_mgr  == "apt"
+
+    - name: Add the Debian Jessie Key
+      sudo: yes
+      when: ansible_pkg_mgr  == "apt"
+      apt_key: id=2B90D010 url=https://ftp-master.debian.org/keys/archive-key-8.asc keyring=/etc/apt/trusted.gpg state=present
+
+    - name: Add the Debian Security Jessie Key
+      sudo: yes
+      when: ansible_pkg_mgr  == "apt"
+      apt_key: id=C857C906 url=https://ftp-master.debian.org/keys/archive-key-8-security.asc keyring=/etc/apt/trusted.gpg state=present
+
+    - name: Add the Debian Jessie Stable Key
+      sudo: yes
+      when: ansible_pkg_mgr  == "apt"
+      apt_key: id=518E17E1 url=http://download.ceph.com/keys/jessie-stable-release.asc keyring=/etc/apt/trusted.gpg state=present
+
+    - name: Install openjdk-7-jre
+      apt: name=openjdk-7-jre state=present
+      when:
+        ansible_distribution_release in ['precise', 'trusty', 'wheezy', 'jessie']
+
+    - name: Install default openjdk for Xenial only
+      apt: name={{ item }} state=present
+      with_items:
+        - default-jdk
+        - default-jre
+      when:
+        ansible_distribution_release == 'xenial'
+
+    - name: correct java version selected
+      alternatives: name=java path=/usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
+      when:
+        (ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'precise') or
+        (ansible_distribution == 'Debian' and ansible_distribution_release == 'wheezy')
+
+    - name: ensure the rpmmacros file exists to fix centos builds
+      file: path="/home/{{ jenkins_user }}/.rpmmacros" owner="{{ jenkins_user }}" state=touch
+
+    - name: write the rpmmacros needed in centos
+      lineinfile:
+        dest: "/home/{{ jenkins_user }}/.rpmmacros"
+        regexp: '^%dist'
+        line: '%dist .el{{ ansible_distribution_major_version }}'
+      when: ansible_pkg_mgr  == "yum"
+
+    - name: ensure the gitconfig file exists
+      shell: printf "[user]\name=Ceph CI\nemail=ceph-release-team@redhat.com\n" > /home/{{ jenkins_user }}/.gitconfig
+
+    - name: ensure the gitconfig file has right permissions
+      file:
+        path: "/home/{{ jenkins_user }}/.gitconfig"
+        owner: "{{ jenkins_user }}"
+
+    - name: ensure that the current host is in /etc/hosts. Yes this is a thing.
+      sudo: true
+      replace:
+        backup: yes
+        dest: /etc/hosts
+        regexp: '^(127\.0\.1\.1(?!.*\b{{ ansible_hostname }}\b).*)$'
+        replace: '\1 {{ ansible_hostname }}'
+
+    - name: ensure that 127.0.1.1 is present with an actual hostname
+      sudo: true
+      lineinfile:
+        dest: /etc/hosts
+        regexp: '^(127\.0\.1\.1(?!.*\b{{ ansible_hostname }}\b).*)$'
+        line: '127.0.1.1 {{ ansible_hostname }}'
+
+    - name: install six, latest one
+      sudo: true
+      pip: name=six state=latest
+
+    - name: install python-jenkins
+      sudo: true
+      # https://bugs.launchpad.net/python-jenkins/+bug/1500898
+      pip: name=python-jenkins version=0.4.7
+
+    - name: add github.com host key
+      sudo: true
+      known_hosts:
+        path: '/etc/ssh/ssh_known_hosts'
+        # we need to use 'host' here because prado currently uses ansible-playbook==1.9.1
+        host: 'github.com'
+        # github.com.pub is the output of `ssh-keyscan github.com`
+        key: "{{ lookup('file', 'files/ssh/hostkeys/github.com.pub') }}"
+
+    - name: register the new slave to jenkins master with ssh
+      jenkins-node:
+        username: "{{ api_user }}"
+        uri: "{{ api_uri }}"
+        password: "{{ token }}"
+        # relies on a convention to set a unique name that allows a reverse
+        # mapping from Jenkins back to whatever service created the current
+        # node
+        name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
+        labels: "{{ labels }}"
+        host: "{{ ansible_default_ipv4.address }}"
+        credentialsId: '39fa150b-b2a1-416e-b334-29a9a2c0b32d'
+        remoteFS: '/home/{{ jenkins_user }}/build'
+        executors: '{{ executors|default(1) }}'
+        exclusive: true
+      when: not use_jnlp
+
+    - name: register the new slave to jenkins master with jnlp
+      jenkins-node:
+        username: "{{ api_user }}"
+        uri: "{{ api_uri }}"
+        password: "{{ token }}"
+        # relies on a convention to set a unique name that allows a reverse
+        # mapping from Jenkins back to whatever service created the current
+        # node
+        name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
+        labels: "{{ labels }}"
+        host: "{{ ansible_default_ipv4.address }}"
+        credentialsId: '39fa150b-b2a1-416e-b334-29a9a2c0b32d'
+        launcher: 'hudson.slaves.JNLPLauncher'
+        remoteFS: '/home/{{ jenkins_user }}/build'
+        # XXX this should be configurable, not all nodes should have one executor
+        executors: '{{ executors|default(1) }}'
+        exclusive: true
+      when: use_jnlp
+
+    - name: Download slave.jar
+      get_url:
+        url: "{{ api_uri }}/jnlpJars/slave.jar"
+        dest: "/home/{{ jenkins_user }}/slave.jar"
+      when: use_jnlp
+
+    - name: install the systemd unit file for jenkins 
+      template:
+        src: "templates/systemd/jenkins.service.j2"
+        dest: "/etc/systemd/system/jenkins.service"
+      sudo: true
+      when: use_jnlp
+
+    - name: start jenkins service
+      service:
+        name: jenkins
+        state: started
+        enabled: yes
+      sudo: yes
+      when: use_jnlp