From f87d58bd5f57164d222ce4504c851ab75518eeb6 Mon Sep 17 00:00:00 2001 From: Alfredo Deza Date: Wed, 24 Jun 2015 16:41:34 -0400 Subject: [PATCH] push a work-in-progress for setting up slaves with ansible Signed-off-by: Alfredo Deza --- .../slaves/files/ssh/keys/jenkins_build.pub | 1 + ansible/slaves/hosts | 8 +++ ansible/slaves/slave.yml | 58 +++++++++++++++++++ 3 files changed, 67 insertions(+) create mode 100644 ansible/slaves/files/ssh/keys/jenkins_build.pub create mode 100644 ansible/slaves/hosts create mode 100644 ansible/slaves/slave.yml diff --git a/ansible/slaves/files/ssh/keys/jenkins_build.pub b/ansible/slaves/files/ssh/keys/jenkins_build.pub new file mode 100644 index 00000000..e4c92628 --- /dev/null +++ b/ansible/slaves/files/ssh/keys/jenkins_build.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDI0tHxJQ7n+uMiLpsoR6CKAVd0xatgVQuqp/gmnGpZU0kE54a29vPNnEt7/aLitbfyhc57rrbHOT09H3ov74GZKkoVBSbMJUSsK3drbN+58wcuk+HK0htRewmwCfcfi9AkrVbyw6pbPXW/pbjxnxLep52fKmpJJnImZ5eHRV5le9OSAcLA1LHYR4y9R3IOrTp7jgpE205UxZi5OopAx7gkyTsmfydvmq4MjaSwbVOJ7aW/Fdt5FVxNJP3Zl/OrvDoo/1WovoRIDbVQH8JFpLikMSnCqtBVIHDeW6imAKl6dpn9Gf4FxD94+OcurhXo2p0pvSzC4Strg4d2Sxqh4wph jenkins-build diff --git a/ansible/slaves/hosts b/ansible/slaves/hosts new file mode 100644 index 00000000..5b50447d --- /dev/null +++ b/ansible/slaves/hosts @@ -0,0 +1,8 @@ +[rpm] +jenkins-centos6-5.front.sepia.ceph.com +jenkins-centos7.front.sepia.ceph.com +jenkins-centos6-5b.front.sepia.ceph.com +jenkins-centos7b.front.sepia.ceph.com + +[deb] +mira062.front.sepia.ceph.com diff --git a/ansible/slaves/slave.yml b/ansible/slaves/slave.yml new file mode 100644 index 00000000..1b183459 --- /dev/null +++ b/ansible/slaves/slave.yml @@ -0,0 +1,58 @@ +--- + +- hosts: all + sudo: true + vars: + - jenkins_user: 'jenkins-build' + tasks: + - name: create a jenkins-build user + user: name=jenkins-build comment="Jenkins Build Slave User" + + - name: Create .ssh directory + file: path=/home/jenkins-build/.ssh + state=directory + + - name: set the authorized keys + authorized_key: user=jenkins-build key="{{ lookup('file', 'files/ssh/keys/jenkins_build.pub') }}" + + # FIXME: this doesn't work right now as we aren't pushing private keys + # around in public repos + - name: ensure private key is present + copy: src=files/ssh/keys/jenkins_build dest=/home/{{ jenkins_user }}/.ssh/id_rsa mode=0600 + + - name: ensure public key is present + copy: src=files/ssh/keys/jenkins_build.pub dest=/home/{{ jenkins_user }}/.ssh/id_rsa.pub mode=0600 + + # FIXME: this needs line_in_file with validation, that has: + # jenkins-build ALL=(ALL:ALL) NOPASSWD:ALL + # Copy a new "sudoers" file into place, after passing validation with visudo + # - copy: src=files/sudoers dest=/etc/sudoers validate='visudo -cf %s' + + - name: ensure the build dir exists + file: path=/home/{{ jenkins_user }}/build state=directory owner={{ jenkins_user }} + + - name: copy the gnupg files to build/ + synchronize: src=files/gnupg.ceph-release dest=/home/{{ jenkins_user }}/build/gnupg.ceph-release + + - name: Install RPM requirements + sudo: yes + yum: name={{ item }} state=present + with_items: + - createrepo + - epel-release + #- rpm-sign + when: ansible_pkg_mgr == "yum" + + - name: Install DEB requirements + sudo: yes + apt: name={{ item }} state=present + with_items: + - fakeroot + - fakeroot-ng + - debhelper + - reprepro + - dchroot + - devscripts + - pbuilder + - pkg-config + when: ansible_pkg_mgr == "apt" -- 2.39.5