finallycoffee/cicd
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(jenkins): add role to deploy jenkins #1

Merged
transcaffeine merged 4 commits from transcaffeine/jenkins into main 2025-02-09 17:44:55 +00:00
Conversation 0 Commits 4 Files Changed 30 +214
11 changed files with 214 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 94f15cc402 - Show all commits

2
README.md
View File

@ -8,6 +8,8 @@ proxies and artifact registries.
## Roles ## Roles
- [`jenkins`](roles/jenkins/README.md): Deploy [jenkins](https://jenkins.io), the self-proclaimed 'leading open source automation server'.
## License ## License
[CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License [CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License

6
playbooks/jenkins.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: Install and configure jenkins
hosts: "{{ jenkins_hosts | default('jenkins', true) }}"
become: "{{ jenkins_become | default(true, true) }}"
roles:
- role: finallycoffee.cicd.jenkins

3
roles/jenkins/README.md Normal file
View File

@ -0,0 +1,3 @@
# `finallycoffee.cicd.jenkins` ansible role
Deploy and configure [Jenkins](https://jenkins.io) using ansible.

59
roles/jenkins/defaults/main/container.yml Normal file
View File

@ -0,0 +1,59 @@
---
jenkins_container_name: "jenkins"
jenkins_container_image: >-2
{{
[
jenkins_container_image_repository,
jenkins_container_image_tag
| default(
jenkins_version + (
((jenkins_container_image_flavour is string)
and (jenkins_container_image_flavour | length > 0))
| ternary(
'-' + jenkins_container_image_flavour | default('', true),
''
)
),
true
)
] | join(':')
}}
jenkins_container_image_registry: docker.io
jenkins_container_image_namespace: jenkins
jenkins_container_image_name: jenkins
jenkins_container_image_repository: >-2
{{
[
jenkins_container_image_registry | default([], true),
jenkins_container_image_namespace | default([], true),
jenkins_container_image_name
] | flatten | join('/')
}}
jenkins_container_image_source: "pull"
jenkins_container_image_force_source: >-2
{{ jenkins_container_image_tag | default(true, true) }}
jenkins_container_image_tag: ~
jenkins_container_image_flavour: "jdk17"
jenkins_container_env: ~
jenkins_container_user: >-2
{{ jenkins_user_uid }}:{{ jenkins_user_gid }}
jenkins_container_ports: ~
jenkins_container_state: >-2
{{ (jenkins_state == 'present') | ternary('started', 'absent') }}
jenkins_container_labels:
version: "{{ jenkins_container_image_tag | default(jenkins_version, true) }}"
jenkins_container_networks: ~
jenkins_container_etc_hosts: ~
jenkins_container_base_volumes:
- "{{ jenkins_home_path }}:{{ jenkins_container_home_path }}:rw"
- "{{ jenkins_etc_passwd_shim_path }}:/etc/passwd:ro"
jenkins_container_volumes: ~
jenkins_container_all_volumes: >-2
{{ jenkins_container_base_volumes | default([], true)
+ jenkins_container_volumes | default([], true) }}
jenkins_container_restart_policy: "on-failure"
# Determined by upstream image
jenkins_container_home_path: "/var/jenkins_home"
jenkins_container_tcp_listen_port: "8080"

17
roles/jenkins/defaults/main/main.yml Normal file
View File

@ -0,0 +1,17 @@
---
jenkins_user: "jenkins"
jenkins_user_is_system: true
jenkins_user_create_home: false
jenkins_versions:
lts: "2.479.3"
weekly: "2.496"
jenkins_version_channel: "lts"
jenkins_version: "{{ jenkins_versions[jenkins_version_channel] }}"
jenkins_state: present
jenkins_deployment_method: docker
jenkins_home_path: "/var/lib/jenkins"
jenkins_etc_passwd_shim_path: "/etc/jenkins/docker-passwd"
jenkins_user_uid: "{{ jenkins_user_info.uid }}"
jenkins_user_gid: "{{ jenkins_user_info.group }}"

13
roles/jenkins/handlers/default.yml Normal file
View File

@ -0,0 +1,13 @@
---
- name: Restart jenkins container '{{ jenkins_container_name }}'
community.docker.docker_container:
name: "{{ jenkins_container_name }}"
state: "started"
restart: true
comparisons:
'*': "ignore"
when:
- jenkins_deployment_method == 'docker'
- jenkins_container_state == 'started'
listen: jenkins_restart
ignore_errors: "{{ ansible_check_mode }}"

21
roles/jenkins/tasks/check.yml Normal file
View File

@ -0,0 +1,21 @@
---
- name: Ensure 'jenkins_state' is valid
ansible.builtin.fail:
msg: >-2
Unsupported jenkins_state '{{ jenkins_state }}'.
Supported values are: {{ jenkins_states | join(', ') }}
when: jenkins_state not in jenkins_states
- name: Ensure 'jenkins_deployment_method' is valid
ansible.builtin.fail:
msg: >-2
Unsupported jenkins_deployment_method '{{ jenkins_deployment_method }}'.
Supported values are: {{ jenkins_deployment_methods | join(', ') }}
when: jenkins_deployment_method not in jenkins_deployment_methods
- name: Ensure 'jenkins_version_channel' is valid
ansible.builtin.fail:
msg: >-2
Unsupported jenkins_version_channel '{{ jenkins_version_channel }}'.
Supported values are: {{ jenkins_version_channels | join(', ') }}
when: jenkins_version_channel not in jenkins_version_channels

40
roles/jenkins/tasks/deploy-docker.yml Normal file
View File

@ -0,0 +1,40 @@
---
- name: Ensure jenkins container image '{{ jenkins_container_image }}' is {{ jenkins_state }}
community.docker.docker_image:
name: "{{ jenkins_container_image }}"
state: "{{ jenkins_state }}"
source: "{{ jenkins_container_image_source }}"
force_source: "{{ jenkins_container_image_force_source }}"
- name: Ensure jenkins configuration folder is created
ansible.builtin.file:
path: "{{ jenkins_etc_passwd_shim_path | dirname }}"
state: directory
mode: "0755"
owner: "root"
group: "root"
when: jenkins_state == 'present'
- name: Ensure jenkins fake '/etc/passwd' is created
ansible.builtin.template:
src: "docker-passwd.j2"
dest: "{{ jenkins_etc_passwd_shim_path }}"
mode: "0644"
owner: "root"
group: "root"
when: jenkins_state == 'present'
notify:
- jenkins_restart
- name: Ensure jenkins container '{{ jenkins_container_name }}' is {{ jenkins_container_state }}
community.docker.docker_container:
name: "{{ jenkins_container_name }}"
image: "{{ jenkins_container_image }}"
env: "{{ jenkins_container_env | default(omit, true) }}"
user: "{{ jenkins_container_user | default(omit, true) }}"
ports: "{{ jenkins_container_ports | default(omit, true) }}"
labels: "{{ jenkins_container_labels | default(omit, true) }}"
networks: "{{ jenkins_container_networks | default(omit, true) }}"
volumes: "{{ jenkins_container_all_volumes }}"
restart_policy: "{{ jenkins_container_restart_policy }}"
state: "{{ jenkins_container_state }}"

26
roles/jenkins/tasks/main.yml Normal file
View File

@ -0,0 +1,26 @@
---
- name: Ensure role arguments are valid
ansible.builtin.include_tasks:
file: "check.yml"
- name: Ensure jenkins user '{{ jenkins_user }}' is {{ jenkins_state }}
ansible.builtin.user:
name: "{{ jenkins_user }}"
state: "{{ jenkins_state }}"
system: "{{ jenkins_user_is_system }}"
create_home: "{{ jenkins_user_create_home }}"
register: jenkins_user_info
- name: Ensure jenkins home '{{ jenkins_home_path }}' is {{ jenkins_state }}
ansible.builtin.file:
path: "{{ jenkins_home_path }}"
state: "{{ (jenkins_state == 'present') | ternary('directory', 'absent') }}"
mode: "{{ jenkins_home_path_mode | default('0750', true) }}"
owner: "{{ jenkins_user_uid | default(jenkins_user, true) }}"
group: "{{ jenkins_user_gid | default(jenkins_user, true) }}"
notify:
- jenkins_restart
- name: Ensure jenkins is deployed using {{ jenkins_deployment_method }}
ansible.builtin.include_tasks:
file: "deploy-{{ jenkins_deployment_method }}.yml"

19
roles/jenkins/templates/docker-passwd.j2 Normal file
View File

@ -0,0 +1,19 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
jenkins:x:{{ jenkins_user_uid }}:{{ jenkins_user_gid }}::/var/jenkins_home:/bin/bash

8
roles/jenkins/vars/main.yml Normal file
View File

@ -0,0 +1,8 @@
---
jenkins_states:
- absent
- present
jenkins_deployment_methods:
- docker
jenkins_version_channels: >-2
{{ (jenkins_versions.keys()) | list }}