From: Ken Dreyer <kdreyer@redhat.com>
Date: Thu, 22 Oct 2015 23:45:21 +0000 (-0600)
Subject: ansible: add mask-passwords plugin
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ec0c983ace1c5e76180e96a6fc750277ee2fef70;p=ceph-build.git

ansible: add mask-passwords plugin

https://wiki.jenkins-ci.org/display/JENKINS/Mask+Passwords+Plugin

Currently the jenkins-job-builder job relies on a static
/etc/jenkins_jobs.ini config file that we put into place on a slave by
hand. We do that to avoid exposing the account password that JJB uses.

The mask-passwords Jenkins plugin will allow us to dynamically write
passwords in to files on the fly. This means that we can construct
JJB's config file on the fly, or chacractl's config file, etc. It allows
us to avoid storing cryptographic secrets (passwords) on the slaves,
since the secret material will only be stored on the master.
---

diff --git a/ansible/master.yml b/ansible/master.yml
index a09fdf28..2db2d77c 100644
--- a/ansible/master.yml
+++ b/ansible/master.yml
@@ -29,6 +29,7 @@
       - 'credentials'
       - 'copyartifact'
       - 'github-oauth'
+      - 'mask-passwords'
 
     - port: 8080
     - prefix: '/build'