From: David Galloway Date: Wed, 23 Oct 2019 14:21:56 +0000 (-0400) Subject: ansible: Just use the example X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F1422%2Fhead;p=ceph-build.git ansible: Just use the example In our setup, the example is the canonical playbook that works. If, for some reason, ceph-build.git is used by someone else, they can rm the symlink and create their own `ansible/slave.yml` but for our purposes, there's no need to keep separate playbooks as it just creates confusion when modifying the playbooks. Signed-off-by: David Galloway --- diff --git a/ansible/slave.yml b/ansible/slave.yml deleted file mode 100644 index 105042028..000000000 --- a/ansible/slave.yml +++ /dev/null @@ -1,442 +0,0 @@ ---- - -- hosts: all - become: true - user: ubuntu - vars: - - jenkins_user: 'jenkins-build' - - jenkins_key: 'playbook/files/ssh/keys/jenkins_build.pub' - # jenkins API credentials: - - api_user: 'ceph-jenkins' - - token: '{{ token }}' - - api_uri: 'https://jenkins.ceph.com' - - jenkins_credentials_uuid: 'jenkins-build' - - nodename: '{{ nodename }}' - - labels: '{{ labels }}' - - use_jnlp: false - - osc_user: 'username' - - osc_pass: 'password' - - tasks: - - name: uninstall resolvconf on Ubuntu to manually manage resolv.conf - apt: - name: resolvconf - state: absent - when: ansible_os_family == "Debian" - - - name: check for NetworkManager conf - stat: - path: /etc/NetworkManager/NetworkManager.conf - register: nm_conf - - - name: tell NetworkManager to leave resolv.conf alone on CentOS - lineinfile: - dest: /etc/NetworkManager/NetworkManager.conf - regexp: '^dns=' - line: 'dns=none' - state: present - when: ansible_os_family == "RedHat" and nm_conf.stat.exists - - - name: tell dhclient to leave resolv.conf alone on Ubuntu - lineinfile: - dest: /etc/dhcp/dhclient.conf - regexp: 'prepend domain-name-servers' - line: 'supersede domain-name-servers 8.8.8.8;' - state: present - when: ansible_os_family == "Debian" - - - name: use Google DNS for name resolution - lineinfile: - dest: /etc/resolv.conf - regexp: '^nameserver' - line: 'nameserver 8.8.8.8' - state: present - - - name: "create a {{ jenkins_user }} group" - group: - name: "{{ jenkins_user }}" - state: present - - - name: "create a {{ jenkins_user }} user" - user: - name: "{{ jenkins_user }}" - group: "{{ jenkins_user }}" - state: present - comment: "Jenkins Build Slave User" - - - name: "create a {{ jenkins_user }} home directory" - file: - path: "/home/{{ jenkins_user }}/" - state: directory - owner: "{{ jenkins_user }}" - - - name: Create .ssh directory - file: - path: "/home/{{ jenkins_user }}/.ssh" - state: directory - owner: "{{ jenkins_user }}" - - - name: set the authorized keys - authorized_key: - user: "{{ jenkins_user }}" - key: "{{ lookup('file', '{{ jenkins_key }}') }}" - - - name: "ensure {{ jenkins_user }} can sudo without a prompt" - lineinfile: - dest: /etc/sudoers - regexp: '^{{ jenkins_user }} ALL' - line: '{{ jenkins_user }} ALL=(ALL:ALL) NOPASSWD:ALL' - validate: 'visudo -cf %s' - - - name: set utf-8 for LC_ALL - lineinfile: - dest: "/home/{{ jenkins_user }}/.bashrc" - regexp: '^export LC_ALL=' - line: "export LC_ALL=en_US.UTF-8" - create: true - state: present - - - name: set utf-8 for LANG - lineinfile: - dest: "/home/{{ jenkins_user }}/.bashrc" - regexp: '^export LANG=' - line: "export LANG=en_US.UTF-8" - - - name: set utf-8 for LANGUAGE - lineinfile: - dest: "/home/{{ jenkins_user }}/.bashrc" - regexp: '^export LANGUAGE=' - line: "export LANGUAGE=en_US.UTF-8" - - - name: ensure the build dir exists - file: - path: "/home/{{ jenkins_user }}/build" - state: directory - owner: "{{ jenkins_user }}" - - - name: Create .config/osc directory - file: - path: "/home/{{ jenkins_user }}/.config/osc" - state: directory - owner: "{{ jenkins_user }}" - when: ansible_pkg_mgr == "zypper" - - - name: Add oscrc file - blockinfile: - create: yes - block: | - [general] - apiurl = https://api.opensuse.org - #build-root = /var/tmp/build-root/%(repo)s-%{arch)s - - [https://api.opensuse.org] - user = {{ osc_user }} - pass = {{ osc_pass }} - - path: "/home/{{ jenkins_user }}/.config/osc/oscrc" - become_user: "{{ jenkins_user }}" - when: ansible_pkg_mgr == "zypper" - - - name: ensure the home dir has the right owner permissions - file: - path: "/home/{{ jenkins_user }}" - state: directory - owner: "{{ jenkins_user }}" - group: "{{ jenkins_user }}" - recurse: yes - - - name: Install epel repo - yum: - name: epel-release - state: latest - when: ansible_os_family == "RedHat" - - - name: disable epel for now - lineinfile: - path: "/etc/yum.repos.d/epel.repo" - regexp: '^enabled=.*' - line: 'enabled=0' - when: ansible_os_family == "RedHat" - - - name: Install RPM requirements - yum: - name: "{{ item }}" - state: present - with_items: - - createrepo - - epel-release - - java-1.8.0-openjdk - - git - - python-virtualenv - - libtool - #- rpm-sign - - autoconf - - redhat-lsb-core - - automake - - cmake - - binutils - - bison - - flex - - gcc - - gcc-c++ - - gettext - - libtool - - make - - patch - - pkgconfig - - redhat-rpm-config - - rpm-build - - rpmdevtools - - openssl-devel - - libffi-devel - when: ansible_pkg_mgr == "yum" - - - name: Install requirements using zypper - zypper: - state: latest - update_cache: yes - name: - - autoconf - - automake - - binutils - - bison - - cmake - - ccache - - createrepo - - flex - - gcc - - gcc-c++ - - gettext-runtime - - git - - java-1_8_0-openjdk - - jq - - libffi-devel - - libopenssl-devel - - libtool - - lsb-release - - make - - patch - - pkg-config - - python2-pip - - python2-virtualenv - - python3-pip - - python3-virtualenv - - rpm-build - - rpmdevtools - - tig - - wget - # obs requirements - - osc - - build - when: ansible_pkg_mgr == "zypper" - - - name: install packages from epel - yum: - name: "{{ item }}" - state: present - enablerepo: epel - update_cache: yes - with_items: - - jq - - python-pip - when: ansible_os_family == "RedHat" - - # Run the equivalent of "apt-get update" as a separate step - - apt: - update_cache: yes - when: ansible_pkg_mgr == "apt" - - - name: Install DEB requirements - apt: - name: "{{ item }}" - state: present - with_items: - - git - - fakeroot - - fakeroot-ng - - debhelper - - reprepro - - dchroot - - devscripts - - pbuilder - - pkg-config - - python-dev - - python-pip - - python-virtualenv - - libtool - - autotools-dev - - automake - - libssl-dev - - libffi-dev - - debian-archive-keyring - # jenkins-job-builder job: - - libyaml-dev - - jq - # ceph-docs job: - - doxygen - - ditaa - - ant - when: ansible_pkg_mgr == "apt" - - - name: Add the Debian Jessie Key - apt_key: - id: 2B90D010 - url: https://ftp-master.debian.org/keys/archive-key-8.asc - keyring: /etc/apt/trusted.gpg - state: present - when: ansible_pkg_mgr == "apt" - - - name: Add the Debian Security Jessie Key - apt_key: - id: C857C906 - url: https://ftp-master.debian.org/keys/archive-key-8-security.asc - keyring: /etc/apt/trusted.gpg - state: present - when: ansible_pkg_mgr == "apt" - - - name: Add the Debian Jessie Stable Key - apt_key: - keyserver: pgp.mit.edu - id: 518E17E1 - when: ansible_pkg_mgr == "apt" - - - name: Install openjdk-7-jre - apt: - name: openjdk-7-jre - state: present - when: - ansible_distribution_release in ['precise', 'trusty', 'wheezy', 'jessie'] - - - name: Install default openjdk for Xenial only - apt: - name: "{{ item }}" - state: present - with_items: - - default-jdk - - default-jre - when: - ansible_distribution_release == 'xenial' - - - name: correct java version selected - alternatives: - name: java - path: /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java - when: - (ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'precise') or - (ansible_distribution == 'Debian' and ansible_distribution_release == 'wheezy') - - - name: ensure the rpmmacros file exists to fix centos builds - file: - path: "/home/{{ jenkins_user }}/.rpmmacros" - owner: "{{ jenkins_user }}" - state: touch - - - name: write the rpmmacros needed in centos - lineinfile: - dest: "/home/{{ jenkins_user }}/.rpmmacros" - regexp: '^%dist' - line: '%dist .el{{ ansible_distribution_major_version }}' - when: ansible_pkg_mgr == "yum" - - - name: ensure the gitconfig file exists - shell: printf "[user]\name=Ceph CI\nemail=ceph-release-team@redhat.com\n" > /home/{{ jenkins_user }}/.gitconfig - - - name: ensure the gitconfig file has right permissions - file: - path: "/home/{{ jenkins_user }}/.gitconfig" - owner: "{{ jenkins_user }}" - - - name: Set Hostname with hostname command - hostname: - name: "ceph-builders" - - - name: ensure that 127.0.1.1 is present with an actual hostname - lineinfile: - backup: yes - dest: /etc/hosts - line: '127.0.1.1 ceph-builders' - - - name: update etc cloud templates for debian /etc/hosts - lineinfile: - backup: yes - dest: /etc/cloud/templates/hosts.debian.tmpl - line: '127.0.1.1 ceph-builders' - when: ansible_os_family == "Debian" - - - name: update etc cloud templates for red hat /etc/hosts - lineinfile: - backup: yes - dest: /etc/cloud/templates/hosts.redhat.tmpl - line: '127.0.1.1 ceph-builders' - failed_when: false - when: ansible_os_family == "RedHat" - - - name: update etc cloud templates for suse /etc/hosts - lineinfile: - backup: yes - dest: /etc/cloud/templates/hosts.suse.tmpl - line: '127.0.1.1 ceph-builders' - failed_when: false - when: ansible_os_family == "Suse" - - - - name: install six, latest one - pip: - name: six - state: latest - when: ansible_os_family != "Suse" - - - name: install python-jenkins - # https://review.openstack.org/460363 - pip: - name: python-jenkins - version: 0.4.15 - - - name: add github.com host key - known_hosts: - path: '/etc/ssh/ssh_known_hosts' - # we need to use 'host' here because prado currently uses ansible-playbook==1.9.1 - host: 'github.com' - # github.com.pub is the output of `ssh-keyscan github.com` - key: "{{ lookup('file', 'playbook/files/ssh/hostkeys/github.com.pub') }}" - tags: github - - - name: register the new slave to jenkins master with ssh - jenkins_node: - username: "{{ api_user }}" - uri: "{{ api_uri }}" - password: "{{ token }}" - # relies on a convention to set a unique name that allows a reverse - # mapping from Jenkins back to whatever service created the current - # node - name: "{{ ansible_default_ipv4.address }}+{{ nodename }}" - labels: "{{ labels }}" - host: "{{ ansible_default_ipv4.address }}" - credentialsId: "{{ jenkins_credentials_uuid }}" - remoteFS: '/home/{{ jenkins_user }}/build' - executors: '{{ executors|default(1) }}' - exclusive: true - when: not use_jnlp - tags: - - register_slave - - - name: register the new slave to jenkins master with jnlp - jenkins_node: - username: "{{ api_user }}" - uri: "{{ api_uri }}" - password: "{{ token }}" - # relies on a convention to set a unique name that allows a reverse - # mapping from Jenkins back to whatever service created the current - # node - name: "{{ ansible_default_ipv4.address }}+{{ nodename }}" - labels: "{{ labels }}" - host: "{{ ansible_default_ipv4.address }}" - credentialsId: "{{ jenkins_credentials_uuid }}" - launcher: 'hudson.slaves.JNLPLauncher' - remoteFS: '/home/{{ jenkins_user }}/build' - # XXX this should be configurable, not all nodes should have one executor - executors: '{{ executors|default(1) }}' - exclusive: true - when: use_jnlp - tags: - - register_slave diff --git a/ansible/slave.yml b/ansible/slave.yml new file mode 120000 index 000000000..b9862807d --- /dev/null +++ b/ansible/slave.yml @@ -0,0 +1 @@ +examples/slave.yml \ No newline at end of file diff --git a/ansible/slave_libvirt.yml b/ansible/slave_libvirt.yml deleted file mode 100644 index 7725192c4..000000000 --- a/ansible/slave_libvirt.yml +++ /dev/null @@ -1,388 +0,0 @@ ---- - -- hosts: all - become: true - user: ubuntu - vars: - - jenkins_user: 'jenkins-build' - # jenkins API credentials: - - api_user: 'ceph-jenkins' - - token: '{{ token }}' - - api_uri: 'https://jenkins.ceph.com' - - jenkins_credentials_uuid: 'jenkins-build' - - nodename: '{{ nodename }}' - - labels: '{{ labels }}' - - use_jnlp: false - - tasks: - - name: uninstall resolvconf on Ubuntu to manually manage resolv.conf - apt: - name: resolvconf - state: absent - when: ansible_os_family == "Debian" - - - name: check for NetworkManager conf - stat: - path: /etc/NetworkManager/NetworkManager.conf - register: nm_conf - - - name: tell NetworkManager to leave resolv.conf alone on CentOS - lineinfile: - dest: /etc/NetworkManager/NetworkManager.conf - regexp: '^dns=' - line: 'dns=none' - state: present - when: ansible_os_family == "RedHat" and nm_conf.stat.exists - - - name: tell dhclient to leave resolv.conf alone on Ubuntu - lineinfile: - dest: /etc/dhcp/dhclient.conf - regexp: 'prepend domain-name-servers' - line: 'supersede domain-name-servers 8.8.8.8;' - state: present - when: ansible_os_family == "Debian" - - - name: use Google DNS for name resolution - lineinfile: - dest: /etc/resolv.conf - regexp: '^nameserver' - line: 'nameserver 8.8.8.8' - state: present - - # vagrant doesn't have repositories, this chacra repo will be better to have - # around and can get updates as soon as a new vagrant version is published via - # chacractl - - name: add the vagrant repository - apt_repository: - repo: "deb [trusted=yes] https://chacra.ceph.com/r/vagrant/latest/HEAD/ubuntu/xenial/flavors/default/ xenial main" - state: present - when: ansible_os_family == "Debian" - - - name: add the vagrant repository - yum_repository: - name: vagrant - description: self-hosted vagrant repo - baseurl: https://chacra.ceph.com/r/vagrant/latest/HEAD/centos/7/flavors/default/x86_64/ - enabled: yes - gpgcheck: no - when: ansible_os_family == "RedHat" - - - name: Install epel repo - yum: - name: epel-release - state: latest - when: ansible_os_family == "RedHat" - - - name: disable epel for now - lineinfile: - path: "/etc/yum.repos.d/epel.repo" - regexp: '^enabled=.*' - line: 'enabled=0' - when: ansible_os_family == "RedHat" - - # Run the equivalent of "apt-get update" as a separate step - - apt: - update_cache: yes - when: ansible_pkg_mgr == "apt" - - - name: Install DEB requirements - apt: - name: "{{ item }}" - state: present - with_items: - - git - - python-dev - - python-pip - - python-virtualenv - - libtool - - libssl-dev - - libffi-dev - - debian-archive-keyring - # jenkins-job-builder job: - - libyaml-dev - - qemu-kvm - - libvirt-bin - - libvirt-dev - - vagrant - when: ansible_pkg_mgr == "apt" - - - name: install requirements without epel - yum: - name: "{{ item }}" - state: present - disablerepo: epel - update_cache: yes - with_items: - - git - - gcc - - python-devel - - libffi-devel - - java-1.8.0-openjdk-devel - - qemu-kvm - - libvirt-devel - - libguestfs - - libvirt - - libguestfs-tools - - vagrant - - wget - - curl - - python-virtualenv - - openssl-devel - - redhat-lsb-core - - iproute - when: ansible_os_family == "RedHat" - - - name: install packages from epel - yum: - name: "{{ item }}" - state: present - enablerepo: epel - update_cache: yes - with_items: - - jq - - python-pip - when: ansible_os_family == "RedHat" - - - set_fact: - jenkins_group: 'libvirtd' - when: ansible_distribution_version == '16.04' - - - set_fact: - jenkins_group: 'libvirt' - when: (ansible_distribution_version == '16.10') or - (ansible_distribution_major_version|int >= 17) or - (ansible_os_family == "RedHat") - - - name: "create a {{ jenkins_user }} user" - user: - name: "{{ jenkins_user }}" - groups: "{{ jenkins_group }}" - append: yes - comment: "Jenkins Build Slave User" - - - name: "create a {{ jenkins_user }} home directory" - file: - path: "/home/{{ jenkins_user }}/" - state: directory - owner: "{{ jenkins_user }}" - - - name: Create .ssh directory - file: - path: "/home/{{ jenkins_user }}/.ssh" - state: directory - owner: "{{ jenkins_user }}" - - - name: install the vagrant-libvirt plugin - shell: vagrant plugin install vagrant-libvirt - become: yes - become_user: "{{ jenkins_user }}" - - - name: set the authorized keys - authorized_key: - user: "{{ jenkins_user }}" - key: "{{ lookup('file', 'playbook/files/ssh/keys/jenkins_build.pub') }}" - - - name: "ensure {{ jenkins_user }} can sudo without a prompt" - lineinfile: - dest: /etc/sudoers - regexp: '^{{ jenkins_user }} ALL' - line: '{{ jenkins_user }} ALL=(ALL:ALL) NOPASSWD:ALL' - validate: 'visudo -cf %s' - - - name: set utf-8 for LC_ALL - lineinfile: - dest: "/home/{{ jenkins_user }}/.bashrc" - regexp: '^export LC_ALL=' - line: "export LC_ALL=en_US.UTF-8" - create: true - state: present - - - name: set utf-8 for LANG - lineinfile: - dest: "/home/{{ jenkins_user }}/.bashrc" - regexp: '^export LANG=' - line: "export LANG=en_US.UTF-8" - - - name: set utf-8 for LANGUAGE - lineinfile: - dest: "/home/{{ jenkins_user }}/.bashrc" - regexp: '^export LANGUAGE=' - line: "export LANGUAGE=en_US.UTF-8" - - - name: ensure the build dir exists - file: - path: "/home/{{ jenkins_user }}/build" - state: directory - owner: "{{ jenkins_user }}" - - - name: ensure the home dir has the right owner permissions - file: - path: "/home/{{ jenkins_user }}" - state: directory - owner: "{{ jenkins_user }}" - group: "{{ jenkins_user }}" - recurse: yes - - - name: Add the Debian Jessie Key - apt_key: - id: 2B90D010 - url: https://ftp-master.debian.org/keys/archive-key-8.asc - keyring: /etc/apt/trusted.gpg - state: present - when: ansible_pkg_mgr == "apt" - - - name: Add the Debian Security Jessie Key - apt_key: - id: C857C906 - url: https://ftp-master.debian.org/keys/archive-key-8-security.asc - keyring: /etc/apt/trusted.gpg - state: present - when: ansible_pkg_mgr == "apt" - - - name: Add the Debian Jessie Stable Release Key - apt_key: - keyserver: pgp.mit.edu - id: 75DDC3C4A499F1A18CB5F3C8CBF8D6FD518E17E1 - state: present - when: ansible_pkg_mgr == "apt" - - - name: Install openjdk-7-jre - apt: - name: openjdk-7-jre - state: present - when: - ansible_distribution_release in ['precise', 'trusty', 'wheezy', 'jessie'] - - - name: Install default openjdk for Xenial or Zesty - apt: - name: "{{ item }}" - state: present - with_items: - - default-jdk - - default-jre - when: - ansible_distribution_release in ['xenial', 'zesty'] - - - name: correct java version selected - alternatives: - name: java - path: /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java - when: - (ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'precise') or - (ansible_distribution == 'Debian' and ansible_distribution_release == 'wheezy') - - - name: ensure the gitconfig file exists - shell: printf "[user]\name=Ceph CI\nemail=ceph-release-team@redhat.com\n" > /home/{{ jenkins_user }}/.gitconfig - - - name: ensure the gitconfig file has right permissions - file: - path: "/home/{{ jenkins_user }}/.gitconfig" - owner: "{{ jenkins_user }}" - - - name: Set Hostname with hostname command - hostname: - name: "ceph-builders" - - - name: ensure that 127.0.1.1 is present with an actual hostname - lineinfile: - dest: /etc/hosts - line: '127.0.1.1 ceph-builders' - - # we need to update the cloud templates because 'manage_etc_hosts' is - # set to true on the image we use in OVH and some jobs will reboot - # these nodes causing the /etc/hosts file to be replace with these - # templates making jobs fail because the hostname is not resolvable - # not all our images have this setting though, so ignore failures on - # those nodes - - name: update the etc cloud templates for debian /etc/hosts - lineinfile: - dest: /etc/cloud/templates/hosts.debian.tmpl - line: '127.0.1.1 ceph-builders' - failed_when: false - - - name: update the etc cloud templates for debian /etc/hosts - lineinfile: - dest: /etc/cloud/templates/hosts.redhat.tmpl - line: '127.0.1.1 ceph-builders' - failed_when: false - - - name: install six, latest one - pip: - name: six - state: latest - - - name: install python-jenkins - # https://review.openstack.org/460363 - pip: - name: python-jenkins - version: 0.4.15 - - - name: add github.com host key - known_hosts: - path: '/etc/ssh/ssh_known_hosts' - # we need to use 'host' here because prado currently uses ansible-playbook==1.9.1 - host: 'github.com' - # github.com.pub is the output of `ssh-keyscan github.com` - key: "{{ lookup('file', 'playbook/files/ssh/hostkeys/github.com.pub') }}" - - - name: "configure libvirt permissions for {{ jenkins_user }}" - blockinfile: - dest: /etc/libvirt/qemu.conf - block: | - user = "{{ jenkins_user }}" - group = "{{ jenkins_user }}" - when: ansible_os_family == "RedHat" - - - name: start DEB libvirt services - service: - name: "{{ item }}" - state: restarted - with_items: - - libvirt-bin - - libvirt-guests - when: ansible_os_family == "Debian" - - - name: start RPM libvirt services - service: - name: "{{ item }}" - state: restarted - with_items: - - libvirtd - - libvirt-guests - when: ansible_os_family == "RedHat" - - - name: register the new slave to jenkins master with ssh - jenkins_node: - username: "{{ api_user }}" - uri: "{{ api_uri }}" - password: "{{ token }}" - # relies on a convention to set a unique name that allows a reverse - # mapping from Jenkins back to whatever service created the current - # node - name: "{{ ansible_default_ipv4.address }}+{{ nodename }}" - labels: "{{ labels }}" - host: "{{ ansible_default_ipv4.address }}" - credentialsId: "{{ jenkins_credentials_uuid }}" - remoteFS: '/home/{{ jenkins_user }}/build' - executors: '{{ executors|default(1) }}' - exclusive: true - when: not use_jnlp - - - name: register the new slave to jenkins master with jnlp - jenkins_node: - username: "{{ api_user }}" - uri: "{{ api_uri }}" - password: "{{ token }}" - # relies on a convention to set a unique name that allows a reverse - # mapping from Jenkins back to whatever service created the current - # node - name: "{{ ansible_default_ipv4.address }}+{{ nodename }}" - labels: "{{ labels }}" - host: "{{ ansible_default_ipv4.address }}" - credentialsId: "{{ jenkins_credentials_uuid }}" - launcher: 'hudson.slaves.JNLPLauncher' - remoteFS: '/home/{{ jenkins_user }}/build' - # XXX this should be configurable, not all nodes should have one executor - executors: '{{ executors|default(1) }}' - exclusive: true - when: use_jnlp diff --git a/ansible/slave_libvirt.yml b/ansible/slave_libvirt.yml new file mode 120000 index 000000000..32b4cdd61 --- /dev/null +++ b/ansible/slave_libvirt.yml @@ -0,0 +1 @@ +examples/slave_libvirt.yml \ No newline at end of file